Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
51525354555657585960
46
RAWIP packet count : 0
RAWIP byte count : 0
[Firewall-zone-trust] display flow-statistics statistics zone trust outbound
Flow Statistics Information
------------------------------------------------------------
Zone : Trust
------------------------------------------------------------
Total number of existing sessions : 13676
Session establishment rate : 2735/s
TCP sessions : 0
Half-open TCP sessions : 0
Half-close TCP sessions : 0
TCP session establishment rate : 0/s
UDP sessions : 13676
UDP session establishment rate : 2735/s
ICMP sessions : 0
ICMP session establishment rate : 0/s
RAWIP sessions : 0
RAWIP session establishment rate : 0/s
The output shows that in security zone trust, a large number of UDP packets are destined for 10.1.1.2, and
the session establishment rate has exceeded the specified threshold. Therefore, you can determine that
the server is under a UDP flood attack. You can use the display attack-defense statistics command to
view the related statistics collected after the UDP flood protection function takes effect.
TCP proxy configuration example
Network requirements
Configure a bidirectional TCP proxy on Firewall to protect Server A, Server B, and Server C from SYN
flood attacks.
Add the IP address of Server A as a static protected IP and protect other servers dynamically.
Figure 44 Network diagram
Configuration procedure
# Specify IP addresses for interfaces and add them into security zones. (Details not shown.)
# Configure the operating mode of TCP Proxy as bidirectional.
[Firewall] undo tcp-proxy mode
Internet
Firewall
Server C
GE0/2GE0/1
Server A
192.168.1.10/24
Server B
202.1.0.1/16192.168.1.1/16
Trust
Untrust