Figure 9 – H3C Technologies H3C SecPath F1000-E User Manual
Page 649
7
Figure 9 Select the bidirectional mode and enable TCP proxy for zone Untrust
•
Select Bidirection for the global setting.
•
Click Apply.
•
In the Zone Configuration area, click Enable for the Untrust zone.
# Add an IP address entry manually for protection.
•
Select Intrusion Detection > TCP Proxy > Protected IP Configuration from the
navigation tree. Then on the right pane, click Add. Add an IP address entry for protection as shown
in
.
Figure 10 Add an IP address entry for protection
•
Type 20.0.0.10 in the Protected IP Address text box.
•
Click Apply.
# Configure the SYN flood detection feature, specifying to automatically add protected IP address
entries.
•
Select Intrusion Detection > Traffic Abnormality > SYN Flood from the navigation tree. In
the Attack Prevention Policy area, configure the action to be taken upon SYN flood diction as
configurations shown in
.