Configuring tcp proxy, Recommended configuration procedure, Performing global tcp proxy setting – H3C Technologies H3C SecBlade LB Cards User Manual

232

Detection > Statistics from the navigation tree to view how many times that a connection limit per

destination IP address has been exceeded and the number of packets dropped.

•

If a SYN flood attack is initiated to the DMZ, the device outputs alarm logs and discards the attack
packets. You can select Security > Intrusion Detection > Statistics from the navigation tree to view

the number of SYN flood attacks and the number of packets dropped.

Configuring TCP proxy

Recommended configuration procedure

Task Remarks

1. Performing global TCP proxy setting

Optional.
By default, bidirectional proxy is used.

2. Enabling TCP Proxy for a Security

Zone

Required.
By default, the TCP proxy feature is disabled globally.

TIP:

The TCP proxy feature takes effect only for the incoming traffic of

the security zone.

3. Adding a protected IP address entry

At least one method is required.
You can add protected IP address entries by either of the
methods:

•

Static—Add entries manually. By default, no such entries are
configured in the system.

•

Dynamic—Select Security > Intrusion Detection > Protected IP
Configuration, and then select the Add protected IP entry to

TCP Proxy check box. After the configuration, the TCP

proxy-enabled device automatically adds protected IP address
entries when detecting SYN flood attacks. For more

information, see "

Configuring SYN flood detection

."

4.

Configure to automatically add a
protected IP address entry

5. Displaying information about

protected IP address entries

Optional.

Performing global TCP proxy setting

1.

From the navigation tree, select Security > Intrusion Detection > TCP Proxy Configuration to enter

the page shown in

Figure 125

.

2.

In the Global Configuration area, select Unidirection or Bidirection for TCP proxy.

3.

Click Apply.