Tcp proxy configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 44
36
TCP proxy configuration example
Network requirements
As shown in
, configure bidirectional TCP proxy on SecPath to protect Server A, Server B, and
Server C against SYN flood attacks. Add a protected IP address entry for Server A and configure
dynamic TCP proxy for the other servers.
Figure 42 Network diagram
Configuration procedure
# Assign IP addresses for the interfaces and then add interface GigabitEthernet 1/1 to zone Untrust, and
GigabitEthernet 1/2 to zone Trust. (Details not shown.)
# Set the TCP proxy mode to bidirectional and enable TCP proxy for zone Untrust.
•
Select Intrusion Detection > TCP Proxy > TCP Proxy Configuration from the navigation tree. Select
the bidirectional mode and enable TCP proxy for zone Untrust as shown in
.
Figure 43 Selecting the bidirectional mode and enabling TCP proxy for zone Untrust
•
Select Bidirection for the global setting.
•
Click Apply.
•
In the Zone Configuration area, click Enable for the Untrust zone.
# Add an IP address entry manually for protection.
•
Select Intrusion Detection > TCP Proxy > Protected IP Configuration from the navigation tree. Then
on the right pane, click Add. Add an IP address entry for protection as shown in
.