HP VPN Firewall Appliances Attack Protection Configuration Guide

In security zone Untrust, configure Smurf attack protection and scanning attack protection, enable the
blacklist function for scanning attack protection, and set the connection rate threshold that triggers the
scanning attack protection to 4500 connections per second.
In security zone DMZ, configure SYN flood attack protection, so that the device drops subsequent SYN
packets when the SYN packet sending rate to a server constantly reaches or exceeds 5000 packets per
second, and permits SYN packets to be sent to the server again when this rate drops below 1000
packets per second.
Figure 41 Network diagram
Configuration procedure
# Specify IP addresses for the interfaces and add them to security zones. (Details not shown.)
# Enable the blacklist function.
<Firewall> system-view
[Firewall] blacklist enable
# Create attack protection policy 1.
[Firewall] attack-defense policy 1
# Enable Smurf attack protection.
[Firewall-attack-defense-policy-1] signature-detect smurf enable
# Enable scanning attack protection.
[Firewall-attack-defense-policy-1] defense scan enable
# Set the connection rate threshold that triggers scanning attack protection to 4500 connections per second.
[Firewall-attack-defense-policy-1] defense scan max-rate 4500
# Add source IP addresses detected by scanning attack protection to the blacklist.
[Firewall-attack-defense-policy-1] defense scan add-to-blacklist
[Firewall-attack-defense-policy-1] quit
# Apply attack protection policy 1 to the security zone untrust.
[Firewall] zone name untrust id 4
[Firewall-zone-untrust] attack-defense apply policy 1
[Firewall-zone-untrust] quit
# Create attack protection policy 2.
[Firewall] attack-defense policy 2
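The two policies above encode different threshold semantics: scanning protection uses a single trigger rate (4500 connections per second) and optionally blacklists the source, while SYN flood protection uses two thresholds with hysteresis (drop at 5000 packets per second, resume below 1000). The following Python model is an added illustration of that behaviour, not firmware code from HP or text from this guide. It assumes per-second rate samples are already available, treats a single sample reaching the action threshold as sufficient (the guide says "constantly", so a real device may require sustained readings), and assumes the scan trigger fires when the rate exceeds the configured maximum; the IP addresses and rate samples are constructed.

```python
"""Added model of the attack-protection thresholds configured in this guide.

Assumptions (not from the guide): one rate sample per second is enough to
trigger or release, and the scan threshold fires on rates strictly above
max-rate. Sample addresses and rates are constructed for illustration.
"""


class SynFloodGuard:
    """Per-server SYN flood protection with hysteresis (the DMZ policy).

    Dropping starts when the SYN rate to a server reaches or exceeds
    action_rate and stops only when the rate falls below release_rate, so a
    server under a flood that merely eases to 2000 pps stays protected.
    """

    def __init__(self, action_rate=5000, release_rate=1000):
        self.action_rate = action_rate
        self.release_rate = release_rate
        self.dropping = {}  # server address -> True while SYNs are being dropped

    def observe(self, server, syn_rate_pps):
        """Feed one per-second SYN rate sample; return the action for new SYNs."""
        dropping = self.dropping.get(server, False)
        if not dropping and syn_rate_pps >= self.action_rate:
            dropping = True
        elif dropping and syn_rate_pps < self.release_rate:
            dropping = False
        self.dropping[server] = dropping
        return "drop" if dropping else "permit"


class ScanGuard:
    """Scanning attack protection with optional blacklisting (the Untrust policy).

    A source whose new-connection rate exceeds max_rate is flagged; with
    add_to_blacklist set, it is also blacklisted so later traffic is refused
    regardless of rate, mirroring 'defense scan add-to-blacklist'.
    """

    def __init__(self, max_rate=4500, add_to_blacklist=True):
        self.max_rate = max_rate
        self.add_to_blacklist = add_to_blacklist
        self.blacklist = set()

    def observe(self, source, connections_per_second):
        """Feed one per-second connection rate sample for a source address."""
        if source in self.blacklist:
            return "blacklisted"
        if connections_per_second > self.max_rate:
            if self.add_to_blacklist:
                self.blacklist.add(source)
            return "scan-detected"
        return "ok"


def run_syn_flood_demo():
    """Replay constructed SYN rates towards one DMZ server (assumed address)."""
    guard = SynFloodGuard(action_rate=5000, release_rate=1000)
    samples = [3000, 5000, 4000, 2000, 999, 3000]  # constructed pps per second
    return [guard.observe("192.0.2.10", rate) for rate in samples]


def run_scan_demo():
    """Replay constructed connection rates from two Untrust sources (assumed addresses)."""
    guard = ScanGuard(max_rate=4500, add_to_blacklist=True)
    samples = [  # constructed (source, new connections per second)
        ("198.51.100.7", 100),
        ("198.51.100.7", 4600),
        ("198.51.100.7", 10),
        ("198.51.100.9", 4500),
    ]
    decisions = [guard.observe(src, rate) for src, rate in samples]
    return decisions, sorted(guard.blacklist)


if __name__ == "__main__":
    print("SYN flood decisions:", run_syn_flood_demo())
    print("Scan decisions, blacklist:", run_scan_demo())
```

The SYN flood replay shows why the release threshold matters: after the rate hits 5000 the device keeps dropping through 4000 and 2000 and only resumes once a sample falls under 1000. In the scan replay, the second source stays at exactly the configured maximum and is never flagged, while the first is blacklisted after one sample above it and stays refused at 10 connections per second.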