No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Security

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Enabling the Attack Defense Function

Enabling the Attack Defense Function

Context

The attack defense function protects the CPU of a server against attacks to ensure that the server operates normally when it is attacked. You can enable different types of attack defense as required.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Enable attack defense.

    • Run firewall defend all enable

      All the attack defense functions are enabled.

    • Run firewall defend fraggle enable

      The Fraggle attack defense is enabled.

    • Run firewall defend icmp-flood enable

      The ICMP Flood attack defense is enabled.

    • Run firewall defend icmp-redirect enable

      The ICMP Redirect attack defense is enabled.

    • Run firewall defend icmp-unreachable enable

      The ICMP Unreachable attack defense is enabled.

    • Run firewall defend ip-fragment enable

      The IP-Fragment attack defense is enabled.

    • Run firewall defend ip-sweep enable

      The IP address sweeping attack defense is enabled.

    • Run firewall defend land enable

      The Land attack defense is enabled.

    • Run firewall defend large-icmp enable

      The large ICMP packet attack defense is enabled.

    • Run firewall defend ping-of-death enable

      The Ping of Death attack defense is enabled.

    • Run firewall defend port-scan enable

      The port scanning attack defense is enabled.

    • Run firewall defend smurf enable

      The Smurf attack defense is enabled.

    • Run firewall defend syn-flood enable

      The SYN Flood attack defense is enabled.

    • Run firewall defend tcp-flag enable

      The TCP flag attack defense is enabled.

    • Run firewall defend teardrop enable

      The Teardrop attack defense is enabled.

    • Run firewall defend tracert enable

      The Tracert attack defense is enabled.

    • Run firewall defend udp-flood enable

      The UDP Flood attack defense is enabled.

    • Run firewall defend winnuke enable

      The WinNuke attack defense is enabled.

    By default, no attack defense function is enabled.

Translation
Download
Updated: 2019-08-07

Document ID: EDOC1100034077

Views: 126107

Downloads: 231

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next