Tcp proxy configuration example, Network requirements, Displaying information about – H3C Technologies H3C SecBlade LB Cards User Manual
Page 245: Protected ip address entries
234
Figure 127 Protected IP address entry configuration page
3.
Enter the destination IP address and select the port number of the TCP connection.
To protect all TCP connection requests to any port of the server at the destination IP address, select
Any from the Port Number list.
NOTE:
The Web performance is degraded if the IP address and port number of the administrator's host are set as
the protected IP entry.
Displaying information about protected IP address entries
Select Security > Intrusion Detection > Protected IP Configuration to enter the page shown in
which lists information about protected IP address entries.
Table 31 Field description
Item Description
Protected IP
IP addresses protected by the TCP proxy feature.
Port Number
Destination port of the TCP connection.
The option any specifies that TCP proxy services TCP connection requests to
any port of the server at the destination IP address.
Type
The protected IP address entries can be static or dynamic.
Lifetime(min)
Lifetime for the IP address entry under protection. This item is displayed as –
for static IP address entries.
When the time reaches 0, the protected IP address entry is deleted.
Number of Rejected
Amount of requests for TCP connection requests matching the protected IP
address entry but were proved to be illegitimate.
TCP proxy configuration example
Network requirements
As shown in
, configure bidirectional TCP proxy on the LB product to protect Server A, Server
B, and Server C against SYN flood attacks.
Add a protected IP address entry for Server A manually and configure dynamic TCP proxy for the other
servers.