Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
31323334353637383940
25
Item Descri
p
tion
Number of Rejected
Amount of requests for TCP connection requests matching the protected IP
address entry but were proved to be illegitimate.
TCP proxy configuration example
Network requirements
As shown in Figure 28, configure bidirectional TCP proxy on Firewall to protect Server A, Server B, and
Server C against SYN flood attacks.
Add a protected IP address entry for Server A manually and configure dynamic TCP proxy for the other
servers.
Figure 28 Network diagram
Configuring Firewall
1. Assign IP addresses to the interfaces, and then add interface GigabitEthernet 1/1 to zone Untrust,
and GigabitEthernet 1/2 to zone Trust. (Details not shown.)
2. Set the TCP proxy mode to bidirectional and enable TCP proxy for zone Untrust:
a. From the navigation tree, select Intrusion Detection > TCP Proxy > TCP Proxy Configuration.
Figure 29 Selecting the bidirectional mode and enabling TCP proxy for zone Untrust
b. Select Bidirection for the global setting, and click Apply.
c. In the Zone Configuration area, click Enable for the Untrust zone.