DefensePro User Guide
Security Configuration
Document ID: RDWR-DP-V0602_UG1201
145
Before you configure rules and profiles for the network-protection policy, ensure that you have
enabled all the required protections and configured the corresponding global protection parameters
in the Security Settings tab.
Configuring the Network Protection Policy
Each rule in a network-protection policy consists of two parts:
•
The classification that defines the protected network segment.
•
The action to be applied when an attack is detected on the matching network segment. The
action defines the protection profiles to be applied to the network segment, and whether the
malicious traffic should be blocked. Malicious traffic is always reported.
Before you configure a rule, ensure that you have configured the following:
•
The Classes that will be required to define the protected network segment. For more
information, see
•
The Network Protection profiles. For more information see:
—
Configuring Signature Protection for Network Protection, page 149
—
Configuring BDoS Profiles for Network Protection, page 168
—
Configuring Anti-Scanning Protection for Network Protection, page 170
—
Configuring Connection Limit Profiles for Network Protection, page 173
—
Configuring SYN Profiles for Network Protection, page 177
—
Configuring Connection PPS Limit Profiles for Network Protection, page 182
—
Configuring DNS Protection Profiles for Network Protection, page 184
Caution:
When you configure the policy, APSolute Vision stores your configuration changes, but
it does not download your configuration changes to the device. To apply changes onto
the device, you must activate the configuration changes.
To configure a network-protection rule
1. In the Configuration perspective Network Protection tab navigation pane, select Network
Protection Rules.
2. To add or modify a network-protection rule, do one of the following:
—
To add an entry to the table, click the
(Add) button.
—
To edit an entry in the table, double-click the entry.
SYN Protection
Prevents SYN flood attacks using SYN cookies.
Connection PPS Limit
Protects against DoS attacks that use a high PPS rate in a certain
connection.
DoS Shield
Protects against known flood attacks and flood attack tools that cause a
denial of service effect.
DNS Protection
Detects and prevents zero-day DNS-flood attacks.
Table 75: Denial of Service Protections
Protection
Description
Summary of Contents for DefensePro 6.02
Page 1: ...DefensePro User Guide Software Version 6 02 Document ID RDWR DP V0602_UG1201 January 2012 ...
Page 2: ...DefensePro User Guide 2 Document ID RDWR DP V0602_UG1201 ...
Page 20: ...DefensePro User Guide 20 Document ID RDWR DP V0602_UG1201 ...
Page 28: ...DefensePro User Guide Table of Contents 28 Document ID RDWR DP V0602_UG1201 ...
Page 116: ...DefensePro User Guide Device Network Configuration 116 Document ID RDWR DP V0602_UG1201 ...
Page 302: ...DefensePro User Guide Real Time Security Reporting 302 Document ID RDWR DP V0602_UG1201 ...
Page 308: ...DefensePro User Guide Administering DefensePro 308 Document ID RDWR DP V0602_UG1201 ...
Page 324: ...DefensePro User Guide Troubleshooting 324 Document ID RDWR DP V0602_UG1201 ...