UCM6200 Series User Manual
Click on to edit the rule
Click on to delete the rule
Dynamic Defense
Dynamic defense is supported on the UCM6200 series. It can blacklist hosts dynamically when the LAN mode
is set to "Route" under web GUI->Settings->Network Settings->Basic Settings page. If enabled, the traffic
coming into the UCM6200 can be monitored, which helps prevent massive connection attempts or brute force
attacks to the device. The blacklist can be created and updated by the UCM6200 firewall, which will then be
displayed in the web page. Please refer to the following table for dynamic defense options on the UCM6200.
Table 17: UCM6200 Firewall Dynamic Defense
Enable dynamic defense. The default setting is disabled.
Configure the dynamic defense periodic time interval (in minutes). If the number
of TCP connections from a host exceeds the connection threshold within this
period, this host will be added into Blacklist. The valid value is between 1 and
59 when dynamic defense is turned on. The default setting is 59.
Blacklist Update
Interval
Configure the blacklist update time interval (in seconds). The default setting is
120.
Configure the connection threshold. Once the number of connections from the
same host reaches the threshold, it will be added into the blacklist. The default
setting is 100.
Dynamic Defense
Whitelist
Allowed IPs and ports range, multiple IP addresses and port range.
For example,
192.168.5.100-
192.168.5.200 1500:2000
The following figure shows a configuration example like this:
If a host at IP address 192.168.5.7 initiates more than 20 TCP connections to the UCM6200 within 1 minute,
it will be added into UCM6200 blacklist.
This host 192.168.5.7 will be blocked by the UCM6200 for 500 seconds.
Since IP range 192.168.5.100-192.168.5.200 is in whitelist, if a host initiates more than 20 TCP connections
to the UCM6200 within 1 minute, it will not be added into UCM6200 blacklist. It can still establish TCP
connection with the UCM6200.
To Next Page
Loading...
