beautypg.com

Configuring connection limits – H3C Technologies H3C SecBlade LB Cards User Manual

Page 237

background image

226

6.

Click Apply.

Table 28 Configuration items

Item Description

Protected Host
Configuration

IP Address

Specify the IP address of the protected host.

Action
Threshold

Set the protection action threshold for SYN
flood attacks that target the protected host.
If the sending rate of SYN packets destined
for the specified IP address constantly

reaches or exceeds this threshold, the

device enters the attack protection state and
takes attack protection actions as

configured.

By default, the action
threshold is 1000 packets
per second and the silent

threshold is 750 packets

per second.

Silent
Threshold

Set the silent threshold for actions that
protect against SYN flood attacks targeting

the protected host.
If the sending rate of SYN packets destined

for the specified IP address drops below this
threshold, the device returns to the attack

detection state and stops the protection

actions.

Global
Configuration of
Security Zone

Action
Threshold

Set the protection action threshold for SYN
flood attacks that target a host in the
protected security zone.
If the sending rate of SYN packets destined
for a host in the security zone constantly

reaches or exceeds this threshold, the
device enters the attack protection state and

takes attack protection actions as

configured.

By default, the action
threshold is 1000 packets

per second and the silent
threshold is 750 packets

per second.

Silent

Threshold

Set the silent threshold for actions that
protect against SYN flood attacks targeting
a host in the protected security zone.
If the sending rate of SYN packets destined
for a host in the security zone drops below

this threshold, the device returns to the

attack detection state and stops the
protection actions.

NOTE:

Host-specific settings take precedence over the global settings for security zones.

Configuring connection limits

1.

From the navigation tree, select Security > Intrusion Detection > Connection Limit.
The connection limit configuration page appears.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: