Tcp proxy configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 44

Advertising

TCP proxy configuration example

Network requirements

As shown in

, configure bidirectional TCP proxy on SecPath to protect Server A, Server B, and

Server C against SYN flood attacks. Add a protected IP address entry for Server A and configure
dynamic TCP proxy for the other servers.

Figure 42 Network diagram

Configuration procedure

# Assign IP addresses for the interfaces and then add interface GigabitEthernet 1/1 to zone Untrust, and

GigabitEthernet 1/2 to zone Trust. (Details not shown.)
# Set the TCP proxy mode to bidirectional and enable TCP proxy for zone Untrust.

•

Select Intrusion Detection > TCP Proxy > TCP Proxy Configuration from the navigation tree. Select
the bidirectional mode and enable TCP proxy for zone Untrust as shown in

Figure 43

Figure 43 Selecting the bidirectional mode and enabling TCP proxy for zone Untrust

•

Select Bidirection for the global setting.

•

Click Apply.

•

In the Zone Configuration area, click Enable for the Untrust zone.

# Add an IP address entry manually for protection.

•

Select Intrusion Detection > TCP Proxy > Protected IP Configuration from the navigation tree. Then

on the right pane, click Add. Add an IP address entry for protection as shown in

Figure 44

Advertising

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands

Popular manuals