Cookbook Configuration
3.12.1 Attack Defense Configuration
The router is usually deployed on the intranet egress. Both normal service traffic and malicious attack traffic
pass through the router. You can enable the attack defense function and configure corresponding policies to
detect and block the attack traffic passing through the router, ensuring the safety of the internal network.
Attack defense configuration supports the protocol policy, zone policy, and global defense policy, listed here in
decreasing order of priority.
1. Attack Defense Feature
The attack defense feature controls whether the attack defense menu is displayed and can be configured. You can
view and configure attack defense only after you enable the feature. When attack defense is enabled, the device
and the internal network are defended according to the predefined policies. You can add new defense policies
as required.
Procedure
(1) Choose Firewall > Attack Defense Config > Attack Defense.
(2) Select Enable to enable the attack defense feature and click Save.
2. Global Defense
Global defense is designed to defend the router itself. It limits the rate at which sessions are established
to ensure efficient utilization of router resources. You can enable global defense to prevent resource exhaustion
attacks or DoS attacks.
Procedure
(1) Choose Firewall > Attack Defense Config > Global Defense.
(2) Click Start. The device then obtains, through automatic learning, an optimal protection threshold that fits
the current network.
Caution
For the learned policy to work well, ensure that the automatic learning period includes the traffic peak period.
The default learning period is seven days. You can suspend the learning period or set a new period as required.
You are advised to make the device relearn and apply the new learning results after the network changes.
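
Why the learning period must include the traffic peak, shown as an added illustration that is not the router's own algorithm. The percentile-plus-headroom rule, the function names, and the traffic figures are all assumptions constructed for this example.

```python
# Added illustration; the learning rule below is an assumption, not the vendor's algorithm.

def learn_threshold(samples, percentile=99, headroom_pct=120):
    """Assumed rule: nearest-rank percentile of observed new-session rates, plus headroom."""
    if not samples:
        raise ValueError("learning window contains no samples")
    ordered = sorted(samples)
    rank = -(-percentile * len(ordered) // 100)         # ceiling division, 1-based rank
    return -(-ordered[rank - 1] * headroom_pct // 100)  # round the limit up

def hours_over_threshold(samples, threshold):
    """Hours in which legitimate demand exceeds the limit and sessions would be refused."""
    return sum(1 for rate in samples if rate > threshold)

def constructed_week():
    """Constructed data: new sessions per second, one sample per hour, Monday first."""
    week = []
    for day in range(7):
        for hour in range(24):
            if day < 5 and 9 <= hour < 18:              # weekday business hours
                week.append(900 if hour in (10, 14) else 600)
            else:                                       # nights and weekend
                week.append(80)
    return week

if __name__ == "__main__":
    week = constructed_week()
    windows = {"full seven days": week, "weekend only": week[5 * 24:]}
    for name, window in windows.items():
        limit = learn_threshold(window)
        print(f"{name}: limit {limit}/s, "
              f"{hours_over_threshold(week, limit)} of {len(week)} hours over the limit")
```

A limit learned from the quiet weekend alone sits below ordinary weekday load, so the session-rate limit would refuse legitimate sessions throughout business hours.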