CLI-based Configuration Guide - Security

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Traffic Statistics Collection and Monitoring


A firewall not only monitors data traffic, but also detects the setup of connections between internal and external networks, generates statistics, and analyzes the data. The firewall can use software to analyze the logs after events occur and can also analyze the data in real time.

By checking whether the number of TCP/UDP sessions initiated from external networks to the internal network exceeds the threshold, the firewall decides whether to restrict new sessions from external networks to the internal network or to an IP address in the internal network.

Figure 5-17 shows an application of the firewall. The IP address-based statistics function is enabled for the packets from external networks to the internal network. If the number of TCP sessions initiated by external networks to web server 10.1.9.1 exceeds the threshold, the firewall device rejects new sessions initiated from the external network until the number of sessions is smaller than the threshold.

Figure 5-17  Setup of TCP connections

The device supports system-level, zone-level, and IP address-level traffic statistics collection and monitoring.

System-Level Traffic Statistics Collection and Monitoring

System-level traffic statistics collection and monitoring take effect on all the data flows in interzones with the firewall feature enabled. That is, the firewall device collects statistics about the ICMP, TCP, and UDP sessions in the interzones. When the number of sessions exceeds the threshold, the device restricts the sessions until the number of sessions falls within the threshold.

Zone-Level Traffic Statistics Collection and Monitoring

The zone-level traffic statistics collection and monitoring take effect on the data flows between zones. That is, the firewall device counts the total number of TCP and UDP sessions between the local zone and other zones. When the number of connections between the local zone and all the other zones or the number of connections in a certain direction exceeds the threshold, the device rejects new sessions until the number of sessions falls within the threshold.

IP Address-Level Traffic Statistics Collection and Monitoring

IP address-level traffic statistics collection and monitoring count and monitor the TCP and UDP sessions set up on an IP address in a zone. The firewall device determines whether to restrict connections in a given direction by checking whether the number of TCP or UDP connection requests sent from a source IP address (or received by a destination address) exceeds the threshold. This function prevents DoS caused by malicious attacks or busy systems.

When the number of TCP and UDP sessions falls below the threshold, the source IP address can initiate sessions and the destination address can receive sessions.
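The following Python model is an added example, not code from the device or from this guide; it illustrates the IP address-level behavior described above. It assumes a literal reading of the text: an address becomes restricted once its session count exceeds the threshold and stays restricted until the count falls below it. The class and function names and the 198.51.100.x client addresses are constructed for illustration.

```python
from collections import defaultdict

class IpSessionMonitor:
    """Simplified model of IP address-level session monitoring (not device code)."""
    def __init__(self, threshold):
        self.threshold = threshold
        self.active = defaultdict(int)  # ("src"|"dst", ip) -> open sessions
        self.restricted = set()         # addresses currently refused new sessions

    def open_session(self, src, dst):
        """Return True if the new session is admitted, False if rejected."""
        keys = (("src", src), ("dst", dst))
        if any(k in self.restricted for k in keys):
            return False
        for k in keys:
            self.active[k] += 1
            if self.active[k] > self.threshold:   # count exceeds the threshold
                self.restricted.add(k)
        return True

    def close_session(self, src, dst):
        for k in (("src", src), ("dst", dst)):
            if self.active[k] > 0:
                self.active[k] -= 1
            if self.active[k] < self.threshold:   # count fell below the threshold
                self.restricted.discard(k)

def simulate(threshold, events):
    """events: list of ("open"|"close", src, dst); returns admit result per open."""
    mon = IpSessionMonitor(threshold)
    results = []
    for op, src, dst in events:
        if op == "open":
            results.append(mon.open_session(src, dst))
        else:
            mon.close_session(src, dst)
    return results

# Constructed sample: external clients opening TCP sessions to web server 10.1.9.1
SERVER = "10.1.9.1"
def client(i):
    return f"198.51.100.{i}"
EVENTS = (
    [("open", client(i), SERVER) for i in range(1, 6)]
    + [("close", client(1), SERVER), ("open", client(6), SERVER),
       ("close", client(2), SERVER), ("open", client(7), SERVER)]
)

if __name__ == "__main__":
    print(simulate(3, EVENTS))
```

With a threshold of 3, the sixth client is still rejected after one session closes, because the count equals the threshold rather than falling below it; the seventh is admitted only after a second close.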

Updated: 2019-05-20

Document ID: EDOC1100034236
