
Configuring the LB product – H3C Technologies H3C SecBlade LB Cards User Manual

• Configure source IP address-based connection limit for the trusted zone, and set the number of connections each host can initiate to 100.

• Configure destination IP address-based connection limit for the DMZ, and set the number of connections the server can accommodate to 10000.

• Configure SYN flood detection for the DMZ, and set the action threshold for attacks targeting the internal server (for example, to 5000 packets per second) and the silent threshold (for example, to 1000 packets per second). Set the attack protection action to blocking subsequent packets destined for the server.

Configuring the LB product

1. Assign IP addresses and security zones to interfaces. (Details not shown.)

2. Enable the blacklist feature:

   a. From the navigation tree, select Security > Intrusion Detection > Blacklist.

   b. In the Global Configuration area, select Enable Blacklist as shown in Figure 119.

   c. Click Apply.

Figure 119 Enabling the blacklist feature

3. Configure scanning detection for the untrusted zone:

   a. From the navigation tree, select Security > Intrusion Detection > Scanning Detection. The scanning detection configuration page appears, as shown in Figure 120.

   b. Select the security zone Untrust.

   c. Select Enable Scanning Detection.

   d. Set the scanning threshold to 4500 connections per second.

   e. Select Add the source IP to the blacklist.

   f. Click Apply.
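The following is an added example, not H3C code or part of the manual: a simplified Python model of what steps 2 and 3 configure, showing how a per-source connection-rate threshold in the Untrust zone feeds the blacklist and why the blacklist must be enabled for the entry to block traffic. The one-second counting window, the strict "greater than" comparison, the rule that entries only filter while the blacklist is enabled, and all sample addresses are assumptions.

```python
from collections import defaultdict

SCAN_THRESHOLD = 4500  # connections per second, the value set in step 3d


class ScanDetector:
    """Simplified model of zone-based scanning detection feeding a blacklist."""

    def __init__(self, zone="Untrust", threshold=SCAN_THRESHOLD, blacklist_enabled=True):
        self.zone = zone                            # step 3b: zone being monitored
        self.threshold = threshold
        self.blacklist_enabled = blacklist_enabled  # step 2: global blacklist switch
        self.blacklist = set()
        self._counts = defaultdict(int)             # (src_ip, whole second) -> new connections

    def observe(self, ts, zone, src_ip):
        """Process one new connection and return 'drop' or 'forward'."""
        if self.blacklist_enabled and src_ip in self.blacklist:
            return "drop"
        if zone == self.zone:
            key = (src_ip, int(ts))
            self._counts[key] += 1
            # Assumption: the threshold is exceeded on the first connection above it.
            if self._counts[key] > self.threshold:
                self.blacklist.add(src_ip)          # step 3e: add the source IP
                if self.blacklist_enabled:
                    return "drop"
        return "forward"


def run(events, **kwargs):
    """Feed (timestamp, zone, source IP) events through a fresh detector."""
    det = ScanDetector(**kwargs)
    verdicts = [det.observe(*e) for e in events]
    return det.blacklist, verdicts


def constructed_events():
    """Constructed sample traffic, not captured from a real device."""
    scanner = [(10.0 + i / 5000, "Untrust", "198.51.100.7") for i in range(5000)]
    normal = [(10.0 + i / 50, "Untrust", "203.0.113.20") for i in range(50)]
    inside = [(10.0 + i / 5000, "Trust", "192.168.1.10") for i in range(5000)]
    late = [(11.5, "Untrust", "198.51.100.7")]      # scanner returns a second later
    return scanner + normal + inside + late


if __name__ == "__main__":
    blacklist, verdicts = run(constructed_events())
    print(sorted(blacklist), verdicts.count("drop"), verdicts.count("forward"))
```

With the blacklist disabled (`run(constructed_events(), blacklist_enabled=False)`), the model still records the scanner's address but forwards every connection, which is why step 2 precedes step 3.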
