Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

Page 7

ServerIron ADX Security Guide

ix

53-1002440-03

Translation timeouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104

Configuring the NAT translation aging timer . . . . . . . . . . . . . .104

Stateless static IP NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Redundancy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Enabling IP NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .106
Enabling static NAT redundancy . . . . . . . . . . . . . . . . . . . . . . . .106
Enabling dynamic NAT redundancy . . . . . . . . . . . . . . . . . . . . .107

Displaying NAT information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

Displaying NAT statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108
Displaying NAT translation. . . . . . . . . . . . . . . . . . . . . . . . . . . . .110
Displaying NAT redundancy information. . . . . . . . . . . . . . . . . .111
Displaying VRRPE information . . . . . . . . . . . . . . . . . . . . . . . . .112

Clearing NAT entries from the table . . . . . . . . . . . . . . . . . . . . . . . . .112

Chapter 5

Syn-Proxy and DoS Protection

Understanding Syn-Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113

Syn-Proxy auto control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
Difference between ServerIron ADX and JetCore Syn-Proxy Behavior . . . . .113

Configuring Syn-Proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114

Setting a minimum MSS value for SYN-ACK packets . . . . . . .117
Configuring Syn-Proxy auto control . . . . . . . . . . . . . . . . . . . . . .120
Displaying Syn-Proxy Commands . . . . . . . . . . . . . . . . . . . . . . .121

DDoS protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124

Configuring a security filter . . . . . . . . . . . . . . . . . . . . . . . . . . . .125
Configuring a Generic Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . .125
Configuring a rule for common attack types. . . . . . . . . . . . . .127
Configuring a rule for ip-option attack types . . . . . . . . . . . . . .129
Configuring a rule for icmp-type options . . . . . . . . . . . . . . . . .130
Configuring a rule for IPv6 ICMP types . . . . . . . . . . . . . . . . . . .131
Configuring a rule for IPv6 ext header types . . . . . . . . . . . . . .132
Binding the filter to an interface . . . . . . . . . . . . . . . . . . . . . . . .133
Clearing DOS attack statistics. . . . . . . . . . . . . . . . . . . . . . . . . .133
Clearing all DDOS Filter & Attack Counters . . . . . . . . . . . . . . .133
Logging for DoS attacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Displaying security filter statistics . . . . . . . . . . . . . . . . . . . . . .134
Address-sweep and port-scan logging . . . . . . . . . . . . . . . . . . .134
