H3C Technologies H3C SecBlade LB Cards User Manual

Page 10

Configuring virtual fragment reassembly ·············································································································· 206

Overview ······································································································································································· 206

Configuring virtual fragment reassembly in the Web interface ·············································································· 206

Configuring virtual fragment reassembly ·········································································································· 206

Virtual fragment reassembly configuration example ······················································································· 207

Configuring virtual fragment reassembly at the CLI ································································································· 209

Configuration guidelines ···································································································································· 209

Configuration procedure ···································································································································· 209

Configuration example ······································································································································· 210

Configuring attack detection and protection ········································································································ 211

Types of network attacks the device can defend against ··············································································· 211

Connection limit ··················································································································································· 213

Blacklist function ·················································································································································· 213

Traffic statistics function ······································································································································ 214

TCP proxy ····························································································································································· 215

Intrusion detection statistics ································································································································ 217

Configuring attack detection and protection in the Web interface ········································································ 217

Configuring packet inspection ··························································································································· 217

Packet inspection configuration example ········································································································· 219

Configuring traffic abnormality detection ········································································································· 220

Traffic abnormality detection configuration example ······················································································ 228

Configuring TCP proxy ······································································································································· 232

Enabling TCP Proxy for a Security Zone ··········································································································· 233

TCP proxy configuration example ····················································································································· 234

Configuring blacklist ··········································································································································· 237

Blacklist configuration example ························································································································· 239

Displaying intrusion detection statistics ············································································································· 241

Configuring attack detection and protection at the CLI ··························································································· 244

Attack detection and protection configuration task list ··················································································· 244

Creating an attack protection policy ················································································································· 244

Enabling attack protection logging ··················································································································· 245

Configuring an attack protection policy ··········································································································· 245

Applying an attack protection policy to a security zone ················································································ 249

Configuring the blacklist function ······················································································································ 250

Configuring connection limits ····························································································································· 251

Troubleshooting connection limiting ·················································································································· 252

Enabling traffic statistics for a security zone ···································································································· 252

Displaying and maintaining attack detection and protection ········································································· 253

Configuring attack protection functions on security zones ············································································· 254

Configuring connection limit ······························································································································ 257

Configuring traffic statistics ································································································································ 258

Configuring TCP attack protection ························································································································· 262

Enabling the SYN Cookie feature ······························································································································ 262

Enabling protection against Naptha attacks ············································································································· 263

Displaying and maintaining TCP attack protection ·································································································· 263

Configuring ND attack defense ····························································································································· 264

Enabling source MAC consistency check for ND packets ······················································································· 265

This manual is related to the following products:

H3C SecPath L1000-A Load Balancer