Verifying the configuration – H3C Technologies H3C SecPath F1000-E User Manual

Page 13

Advertising

Select Intrusion Detection > Traffic Abnormality > Scanning Detection from the navigation tree.
The page for configuring scanning detection for the untrusted zone appears.

Figure 7 Configuring scanning detection for the untrusted zone

Select security zone Untrust, select the Enable Scanning Detection option, set the scanning
threshold to 4500, select the Add the source IP to the blacklist option, and click Apply.

Verifying the configuration

•

From the navigation tree, select Intrusion Detection > Blacklist to display the list. Check whether the

manually added blacklist entries appear on the blacklist.

•

Check whether SecPath discards all packets from Host D before you remove the blacklist entry for
the host.

•

Check whether SecPath discards all packets from Host C within 50 minutes. After 50 minutes, check
whether SecPath forwards packets from Host C normally.

•

Check whether SecPath outputs an alarm log and adds the IP address to the blacklist when
detecting a scanning attack from the untrusted zone. You can select Intrusion Detection > Blacklist

from the navigation tree to check the blacklist for the entry.

Advertising

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands

Popular manuals