No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Web-based Configuration Guide

AR650, AR1600, and AR6100 V300R003

This document describes how to configure and maintain your routers using the web platform.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Attack Defense

Attack Defense

Context

The attack defense function protects the CPU from attacks and ensures the proper running of the server even when it is attacked.

To prevent flood attacks, you need to specify the zones or IP addresses to be protected; otherwise, the attack defense parameters are invalid. You can also specify the maximum session rate. When the session rate exceeds the limit, the device considers that an attack occurs and takes measures.

Procedure

  • Enabling or disabling the attack defense function
    1. Access the Attack Defense tab page.

      Log in to the web platform and choose Security > Firewall > Attack Defense, as shown in Figure 14-19.

      Figure 14-19  Configuring attack defense

    2. Enable or disable defense against SYN flood attacks, UDP flood attacks, or ICMP flood attacks in the Attack Defense area.
    3. Click Apply.

  • Creating an attack defense entry
    1. Access the Attack Defense tab page.

      Log in to the web platform and choose Security > Firewall > Attack Defense.

    2. Click Create in the Attack Defense List area and set parameters in the Create Attack Defense dialog box that is displayed, as shown in Figure 14-20. Table 14-7 describes the parameters. Only one of the parameters between IP address and Zone name can be set.

      Figure 14-20  Creating attack defense policy

    3. Click OK. An attack defense entry is added to the attack defense list.

      Table 14-7  Attack defense parameters

      Parameter

      Description

      Attack defense type

      The attack defense type can be SYN flood attack defense, UDP flood attack defense, or ICMP flood attack defense.

      IP address

      Protected IP address. The value is a valid IPv4 address.

      Zone name

      Protected zone. The zone must be an existing zone.

      Rate Limit (pps)

      Maximum session rate. The value is an integer that ranges from 1 to 65535, in seconds. The default value is 1000.

      TCP proxy status

      Status of the TCP proxy. The value can be Auto, Enabled, or Disabled.

      NOTE:

      This parameter is valid only for the SYN flood attack defense.

  • Modifying an attack defense entry
    1. Access the Attack Defense tab page.

      Log in to the web platform and choose Security > Firewall > Attack Defense.

    2. Click of an attack defense entry.
    3. In the Modify Attack Defense dialog box that is displayed, modify parameters listed in Table 14-7.The parameters are the same as those in Figure 14-20. The parameters Attack defense type, IP address, and Zone name cannot be modified.
    4. Click OK.
  • Deleting an attack defense entry
    1. Access the Attack Defense tab page.

      Log in to the web platform and choose Security > Firewall > Attack Defense.

    2. Select an attack defense entry and click Delete. In the Information dialog box that is displayed, click OK.
Download
Updated: 2019-04-12

Document ID: EDOC1100041803

Views: 31286

Downloads: 71

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next