TMS zl Management and Configuration Guide ST.1.1.100226

Firewall
10. Click OK and Close.
11. Click Save.
12. Configure a firewall access policy with the following parameters:
    • Action—Permit Traffic
    • From—INTERNAL
    • To—EXTERNAL
    • Service—TCP 1584–1585
    • Source—Any Address
    • Destination—172.19.55.0/24 and 172.23.11.0/24 (create a multiple-entry network address object as shown in “Named Objects and Their Uses” on page 4-10).
13. Configure another access policy to permit the reverse traffic. See “Firewall Access Policies” on page 4-22 for instructions.
Attack Checking
The TMS zl Module automatically detects and blocks specific known
attacks. It monitors TCP handshakes and drops packets with flags that signal
known attacks.
The TMS zl Module firewall checks for these attacks by default:
    • IP spoofing
    • Ping of death
    • Land attacks
    • IP reassembly attacks
Note: You cannot prevent the firewall from dropping packets that display the signs of these attacks.
Additionally, you can enable and disable certain optional checks, including those for the following attacks:
    • ICMP replay
    • ICMP error messages
    • SYN flooding
    • Source routing
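
What three of the checks listed above look for in an IPv4 header, as an added example rather than the TMS zl Module's own detection logic, which this guide does not describe. It applies the commonly used definitions of a land attack, ping of death (oversized reassembly) and source routing; the function names and sample-packet builder are constructed for illustration.

```python
import socket
import struct

LSRR, SSRR = 131, 137   # IPv4 option types for loose/strict source routing
ICMP, TCP = 1, 6        # IP protocol numbers

def check_ipv4(pkt: bytes) -> list:
    """Return the attack signatures (terms from the lists above) a raw IPv4 packet shows."""
    if len(pkt) < 20:
        return ["malformed"]
    (ver_ihl, _, total_len, _, frag, _, proto, _,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl or total_len < ihl:
        return ["malformed"]
    found = []
    offset = (frag & 0x1FFF) * 8            # fragment offset is in 8-byte units
    # Reassembled datagram would exceed the 65535-byte IPv4 maximum.
    if offset + (total_len - ihl) > 65535:
        found.append("ping of death" if proto == ICMP else "IP reassembly")
    # Land attack: TCP segment whose source and destination address and port match.
    if proto == TCP and src == dst and offset == 0 and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if sport == dport:
            found.append("land")
    # Walk the options area looking for a source-route option.
    i = 20
    while i < ihl:
        opt = pkt[i]
        if opt == 0:                        # end of option list
            break
        if opt == 1:                        # no-operation, single byte
            i += 1
            continue
        if i + 1 >= ihl or pkt[i + 1] < 2:  # bad option length: stop parsing
            break
        if opt in (LSRR, SSRR):
            found.append("source routing")
            break
        i += pkt[i + 1]
    return found

def build(src, dst, proto=TCP, frag=0, options=b"", payload=b""):
    """Construct a sample IPv4 packet (checksum left at zero) for the checks."""
    ihl = 20 + len(options)
    head = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0, ihl + len(payload), 0, frag,
                       64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return head + options + payload
```

IP spoofing is not covered here because it depends on which zone a packet arrives from, which a single header cannot show.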