TCP proxy – H3C Technologies H3C SecBlade LB Cards User Manual

TCP proxy

The TCP proxy function can protect servers from SYN flood attacks. A device with TCP proxy enabled acts as a proxy between TCP clients and servers. Upon detecting a SYN flood attack, the device can add a protected IP address entry for the attacked server and use the TCP proxy function to inspect and process all subsequent TCP requests destined for the server.

TCP proxy can operate in two modes:

Unidirectional proxy—Processes only packets from TCP clients.

Bidirectional proxy—Processes packets from both TCP clients and TCP servers.

You can choose a proper mode according to your network scenario. For example, if packets from TCP clients to a server go through the TCP proxy but packets from the server to clients do not, as shown in Figure 103, configure unidirectional proxy.

Figure 103 Network diagram for unidirectional proxy

If all packets between TCP clients and a server go through the TCP proxy, as shown in Figure 104, you can configure unidirectional proxy or bidirectional proxy as desired.

Figure 104 Network diagram for unidirectional/bidirectional proxy
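
The behaviour described in this overview, modelled as an added sketch (not H3C code or device configuration): a SYN flood toward a server creates a protected IP address entry, after which subsequent packets for that server are handed to the TCP proxy according to the configured mode. The detection rule (a SYN count per sliding window), the threshold and window values, the class and function names, and the documentation-range addresses are all assumptions made for illustration.

```python
from collections import defaultdict, deque

SYN_THRESHOLD = 5   # assumed: more than this many SYNs per window counts as a flood
WINDOW = 1.0        # assumed: sliding window length in seconds


class TcpProxyGate:
    """Hypothetical model of the dispatch decision, not the device's algorithm."""

    def __init__(self, mode="unidirectional"):
        if mode not in ("unidirectional", "bidirectional"):
            raise ValueError("unknown mode: " + mode)
        self.mode = mode
        self.protected = set()                  # protected IP address entries
        self.recent_syns = defaultdict(deque)   # server IP -> recent SYN timestamps

    def _observe_syn(self, ts, server):
        q = self.recent_syns[server]
        q.append(ts)
        while q and ts - q[0] > WINDOW:         # drop SYNs older than the window
            q.popleft()
        if len(q) > SYN_THRESHOLD:              # flood detected: protect this server
            self.protected.add(server)

    def handle(self, ts, src, dst, flags, from_client):
        """Return 'proxy' if the TCP proxy processes the packet, else 'forward'."""
        server = dst if from_client else src
        if server in self.protected:
            # Unidirectional mode processes only client packets;
            # bidirectional mode processes both directions.
            processed = from_client or self.mode == "bidirectional"
            return "proxy" if processed else "forward"
        if from_client and flags == "S":
            self._observe_syn(ts, server)       # affects subsequent packets only
        return "forward"


def run(mode, server="192.0.2.10"):
    """Replay constructed traffic: 8 SYNs in 0.8 s, then one server reply."""
    gate = TcpProxyGate(mode)
    out = [gate.handle(i * 0.1, "198.51.100.%d" % (i + 1), server, "S", True)
           for i in range(8)]
    out.append(gate.handle(0.9, server, "198.51.100.8", "SA", False))
    return out


if __name__ == "__main__":
    for m in ("unidirectional", "bidirectional"):
        print(m, run(m))
```

The two modes differ only in the last decision: the server's reply is processed by the proxy in bidirectional mode and forwarded untouched in unidirectional mode.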

Unidirectional proxy
