Configuration verification – H3C Technologies H3C SecPath F1000-E User Manual

14

Figure 17 Specify the objects to be protected in the DMZ

•

•

Select the Protected Host Configuration option.

•

Specify the IP address as 10.1.1.2.

•

Set the connection rate threshold to 5000 connections per second.

•

Click Apply to complete the configuration.

Configuration verification

After completing the previous configurations, you can verify the configurations as follows:

•

After a scanning attack packet is received from zone Untrust, the device should output alarm logs
and add the IP address of the attacker to the blacklist. You can select Intrusion Detection >
Blacklist from the navigation tree to view whether the attacker’s IP address is on the blacklist.

•

If a host in zone Trust initiates 100 or more connections, the device should output alarm logs and
discard subsequent connection request packets from the host. You can select Intrusion
Detection > Statistics from the navigation tree to view how many times that a connection limit
per source IP address has been exceeded and the number of packets dropped.

•

If the number of connections to the server in the DMZ reaches or exceeds 10000, the device
should output alarm logs and discard subsequent connection request packets. You can select
Intrusion Detection > Statistics from the navigation tree to view how many times that a
connection limit per destination IP address has been exceeded and the number of packets

dropped.

•

If a SYN flood attack is initiated to the DMZ, the device should output alarm logs and discard the
attack packets. You can select Intrusion Detection > Statistics from the navigation tree to
view the number of SYN flood attacks and the number of packets dropped.