EasyManuals Logo
Home>Huawei>Network Router>AR1200-S

Huawei AR1200-S User Manual

Huawei AR1200-S
308 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #84 background imageLoading...
Page #84 background image
By default, no attack defense function is enabled.
----End
3.10.3 Setting the Parameters for Flood Attack Defense
Context
Steps 2-4 are optional and can be performed in any sequence. You can select these steps to defend
different types of Flood attacks.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
firewall defend icmp-flood { ip ip-address [ vpn-instance vpn-instance-name ] |
zone zone-name } [ max-rate rate-value ]
The parameters for ICMP Flood attack defense are set.
Step 3 Run:
firewall defend syn-flood { ip ip-address [ vpn-instance vpn-instance-name ] |
zone zone-name } [ max-rate rate-value ] | [ tcp-proxy { auto | off | on } ]
The parameters for SYN Flood attack defense are set.
Step 4 Run:
firewall defend udp-flood { ip ip-address [ vpn-instance vpn-instance-name ] |
zone zone-name } [ max-rate rate-value ]
The parameters for UDP Flood attack defense are set.
To prevent Flood attacks, you need to specify the zones or IP addresses to be protected;
otherwise, the attack defense parameters are invalid. You can also specify the maximum session
rate. When the session rate exceeds the limit, the AR1200-S considers that an attack occurs and
takes measures.
For Flood attack defense, the priority of IP addresses is higher than the priority of zones. If Flood
attack defense is enabled for both a specified IP address and the zone where the IP address
resides, then the attack defense for the IP address takes effect. If you cancel the attack defense
for the IP address, the attack defense for the zone takes effect.
By default, the maximum session rate for Flood attacks is 1000 pps, and the TCP proxy is enabled
for the SYN Flood attack defense.
For Flood attack defense, you can specify up to 32 IP addresses to protect.
----End
3.10.4 Configuring Large ICMP Packet Attack Defense
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 3 Firewall Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
70

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Huawei AR1200-S and is the answer not in the manual?

Huawei AR1200-S Specifications

General IconGeneral
BrandHuawei
ModelAR1200-S
CategoryNetwork Router
LanguageEnglish

Related product manuals