H3C Technologies H3C SecPath F1000-E User Manual

Page 6

Advertising
background image

i

Contents

Configuring blacklist ···················································································································································· 1

 

Overview ············································································································································································ 1

 

Recommended configuration procedure························································································································· 1

 

Enabling the blacklist function ········································································································································· 2

 

Adding a blacklist entry manually ··································································································································· 2

 

Viewing the blacklist ························································································································································· 3

 

Blacklist configuration example ······································································································································· 3

 

Network requirements ·············································································································································· 3

 

Configuration procedure ········································································································································· 4

 

Verifying the configuration ······································································································································ 5

 

Configuring packet inspection ···································································································································· 6

 

Overview ············································································································································································ 6

 

Configuration procedure ·················································································································································· 7

 

Packet inspection configuration example ······················································································································· 8

 

Network requirements ·············································································································································· 8

 

Configuration procedure ········································································································································· 8

 

Verifying the configuration ······································································································································ 9

 

Configuring traffic abnormality detection ················································································································ 10

 

Overview ········································································································································································· 10

 

Flood detection ······················································································································································ 10

 

Connection limit ····················································································································································· 11

 

Scanning detection ················································································································································ 11

 

Configuring ICMP flood detection ································································································································ 11

 

Configuring UDP flood detection·································································································································· 13

 

Configuring DNS flood detection ································································································································· 15

 

Configuring SYN flood detection ································································································································· 17

 

Configuring connection limit ········································································································································· 19

 

Configuring scanning detection ··································································································································· 19

 

Traffic abnormality detection configuration example ································································································· 20

 

Network requirements ··········································································································································· 20

 

Configuration considerations ······························································································································· 21

 

Configuration procedure ······································································································································ 21

 

Verifying the configuration ··································································································································· 25

 

Configuring URPF ······················································································································································· 26

 

URPF overview ································································································································································ 26

 

What is URPF ························································································································································· 26

 

How URPF works ··················································································································································· 26

 

Configuration procedure ··············································································································································· 27

 

URPF configuration example ········································································································································· 28

 

Configuring TCP proxy ·············································································································································· 31

 

Overview ········································································································································································· 31

 

SYN flood attack ··················································································································································· 31

 

TCP proxy ······························································································································································· 31

 

TCP proxy working mechanism ··························································································································· 32

 

Configuring TCP proxy ·················································································································································· 33

 

Recommended configuration procedure ············································································································· 33

 

Performing global TCP proxy setting ··················································································································· 34

 

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands
Popular manuals