HP MSR SERIES - Attack Protection Configuration Examples; Attack Protection Configuration Example for MSR90020-1 X

To Next Page

To Previous Page

164

Figure 163 Add an intrusion detection policy

Attack protection configuration examples

Attack protection configuration example for MSR900/20-1X

Network requirements

As shown in Figure 164, internal users Host A, Host B, and Host C access the Internet through Router. The

network security requirements are as follows:

• Router always drops packets from Host D, an attacker.

• Router denies packets from Host C for 50 minutes for temporary access control of Host C.

• Router provides scanning attack protection and automatically adds detected attackers to the

blacklist.

• Router provides Land attack protection and Smurf attack protection.

Main Page

Table of Contents3
Web Overview18
- Logging in to the Web Interface18
- Logging out of the Web Interface19
- Introduction to the Web Interface19
- User Level21
- Introduction to the Web-Based NM Functions21
- Common Web Interface Elements35
- Managing Web-Based NM through CLI38
  - Enabling/Disabling Web-Based NM38
  - Managing the Current Web User39
- Configuration Guidelines39
- Troubleshooting Web Browser39
  - Cannot Access the Device through the Web Interface39
Displaying Device Information43
- Displaying Device Information44
- Displaying Broadband Connection Information44
- Displaying 3G Wireless Card State44
- Displaying LAN Information45
- Displaying WLAN Information45
- Displaying Service Information45
- Displaying Recent System Logs45
- Managing Integrated Services46
Basic Services Configuration47
- Configuring Basic Services47
Configuring WAN Interfaces60
- Configuring an Ethernet Interface60
- Configuring an SA Interface63
- Configuring an ADSL/G.SHDSL Interface65
  - Overview65
  - Configuration Procedure65
- Configuring a CE1/PRI Interface68
  - Overview68
  - Configuration Procedure69
- Configuring a CT1/PRI Interface71
- Displaying Interface Information and Statistics72
Configuring Vlans74
- Overview74
- Configuring a VLAN and Its VLAN Interface74
- Configuration Guidelines78
Wireless Configuration Overview79
- Overview79
- Configuration Task List79
Configuring Wireless Services80
- Configuring Wireless Access Service80
- Displaying Wireless Access Service95
- Wireless Access Service Configuration Examples102
Client Mode119
- Enabling the Client Mode119
  - Connecting the Wireless Service120
  - Displaying Statistics121
- Client Mode Configuration Example122
Configuring Radios124
- Configuring Data Transmit Rates128
  - Configuring 802.11A/802.11B/802.11G Rates128
  - Configuring 802.11N MCS129
- Displaying Radio129
  - Displaying WLAN Services Bound to a Radio129
  - Displaying Detailed Radio Information130
Configuring WLAN Security132
- Blacklist and White List132
- Configuring the Blacklist and White List Functions132
- Configuring User Isolation134
Configuring WLAN Qos136
- Configuring Wireless Qos136
- Wireless Qos Configuration Example144
Configuring Advanced Settings149
- Setting a District Code149
- Channel Busy Test149
Managing a 3G Modem151
- Displaying 3G Modem Information151
- Configuring the Cellular Interface154
- Managing the PIN155
- Rebooting the 3G Modem155
Configuring NAT157
- Overview157
- Recommended Configuration Procedure157
- Configuring Dynamic NAT157
- Configuring a DMZ Host159
  - Creating a DMZ Host159
  - Enabling DMZ Host on an Interface159
- Configuring an Internal Server160
- Enabling Application Layer Protocol Check162
- Configuring Connection Limit162
- NAT Configuration Examples163
  - Internal Hosts Accessing Public Network Configuration Example163
  - Internal Server Configuration Example165
Configuring Access Control169
- Configuration Procedure169
- Access Control Configuration Example170
Configuring URL Filtering172
- Configuration Procedure172
- URL Filtering Configuration Example173
Configuring Attack Protection175
- Overview175
  - Blacklist Function175
  - Intrusion Detection Function175
- Configuring the Blacklist Function177
- Configuring Intrusion Detection179
- Attack Protection Configuration Examples181
  - Attack Protection Configuration Example for MSR900/20-1X181
  - For MSR20/30/50/93X/1000 Routers184
Configuring Application Control188
- Recommended Configuration Procedure188
- Application Control Configuration Example191
Webpage Redirection Configuration193
- Overview193
- Configuring Webpage Redirection193
Configuring Routes195
- Overview195
- Creating an Ipv4 Static Route195
- Displaying the Active Route Table196
- Ipv4 Static Route Configuration Example197
- Configuration Guidelines200
Configuring User-Based Load Sharing201
- Overview201
- Configuration Procedure201
Configuring Traffic Ordering203
- Overview203
- Recommended Configuration Procedure203
- Setting the Traffic Ordering Interval204
- Specifying the Traffic Ordering Mode204
- Displaying Internal Interface Traffic Ordering Statistics204
- Displaying External Interface Traffic Ordering Statistics205
Configuring DNS206
- Overview206
- Recommended Configuration Procedure206
  - Configuring Dynamic Domain Name Resolution206
  - Configuring DNS Proxy207
- Enabling Dynamic Domain Name Resolution207
- Enabling DNS Proxy207
- Clearing the Dynamic Domain Name Cache208
- Specifying a DNS Server208
- Configuring a Domain Name Suffix208
- Domain Name Resolution Configuration Example209
Configuring DDNS214
- Overview214
- Configuration Prerequisites215
- Configuration Procedure215
- DDNS Configuration Example216
Configuring DHCP219
- Introduction to DHCP219
- Recommended Configuration Procedure220
- Configuration Guidelines221
- Enabling DHCP221
- Configuring DHCP Interface Setup222
- Configuring a Static Address Pool for the DHCP Server223
- Configuring a Dynamic Address Pool for the DHCP Server225
- Configuring IP Addresses Excluded from Dynamic Allocation227
- Configuring a DHCP Server Group228
- DHCP Configuration Examples229
  - DHCP Configuration Example Without DHCP Relay Agent230
  - DHCP Relay Agent Configuration Example237
Configuring Acls243
- Overview243
- Recommended Ipv4 ACL Configuration Procedure243
- Configuration Guidelines244
- Adding an Ipv4 ACL244
- Configuring a Rule for a Basic Ipv4 ACL245
- Configuring a Rule for an Advanced Ipv4 ACL246
- Configuring a Rule for an Ethernet Frame Header ACL249
Configuring Qos252
- Overview252
- Configuring Subnet Limit253
- Configuring Advanced Limit254
- Configuring Advanced Queue257
  - Configuring Interface Bandwidth257
  - Configuring Bandwidth Guarantee258
- Qos Configuration Examples261
  - Subnet Limit Configuration Example261
  - Advanced Queue Configuration Example262
- Appendix Packet Precedences265
Configuring SNMP268
- Overview268
- SNMP Agent Configuration Task List268
- Snmpv1/V2C Configuration Example279
- Snmpv3 Configuration Example283
Configuring Bridging289
- Overview289
- Configuring Bridging293
- Bridging Configuration Example295
Configuring User Groups299
- User Group Configuration Task List299
Configuring MSTP314
- How STP Works315
- Introduction to RSTP321
  - MSTP Basic Concepts322
  - How MSTP Works326
- Recommended MSTP Configuration Procedure327
- Configuring MSTP Globally329
- Configuring MSTP on a Port332
- MSTP Configuration Example334
- RADIUS Configuration Example344
- Configuration Guidelines349
Configuring Login Control351
- Login Control Configuration Example352
  - Configuring a Login Control Rule so Host B Cannot Access Router through the Web353
Configuring ARP355
- Creating a Static ARP Entry356
- Enabling Learning of Dynamic ARP Entries357
- Configuring Gratuitous ARP358
Configuring ARP Attack Protection363
- Configuring ARP Automatic Scanning364
- Configuring Fixed ARP365
Configuring Ipsec VPN367
- Configuring an Ipsec Connection368
- Displaying Ipsec VPN Monitoring Information375
- Ipsec VPN Configuration Example376
- Configuration Guidelines378
Configuring L2TP380
- Enabling L2TP381
- Displaying L2TP Tunnel Information387
Configuring GRE392
- GRE over Ipv4 Tunnel Configuration Example394
SSL VPN Overview401
- Advantages of SSL VPN402
Configuring SSL VPN Gateway403
- Configuring the SSL VPN Service404
- Configuring Web Proxy Server Resources406
- Configuring TCP Application Resources408
- Configuring IP Network Resources415
- Configuring a Resource Group420
- Configuring Local Users422
  - Importing Local Users in Bulk424
  - Configuring a User Group425
- Viewing User Information427
- Performing Basic Configurations for the SSL VPN Domain428
  - Configuring the Caching Policy430
- Configuring Authentication Policies431
- Configuring a Security Policy437
- Customizing the SSL VPN User Interface441
  - Customizing the SSL VPN Interface Fully443
User Access to SSL VPN444
- Accessing SSL VPN Resources445
- Getting Help Information446
SSL VPN Configuration Example448
- Configuration Procedure449
- Configuring SSL VPN Resources452
- Configuring SSL VPN Users457
- Configuring an SSL VPN Domain460
- Verifying the Configuration462
Managing Certificates465
- Recommended Configuration Procedure for Manual Request466
- Recommended Configuration Procedure for Automatic Request467
- Creating a PKI Entity468
- Creating a PKI Domain469
- Generating an RSA Key Pair472
- Destroying the RSA Key Pair473
- Requesting a Local Certificate475
- Retrieving and Displaying a CRL476
Managing the System491
- Restoring Factory Defaults492
- Restoring Configuration493
- Backing up and Restoring Device Files through the USB Port494
- Rebooting the Device495
- Managing Services496
- Managing Users498
  - Setting the Super Password499
  - Switching to the Management Level500
- Configuring System Time501
  - Setting the Time Zone and Daylight Saving Time503
- Configuring TR-069504
  - TR-069 Network Framework505
    - Configuration Procedure507
    - Configuration Guidelines508
  - Upgrading Software (for the MSR20/30/50/93X/1000)509
Configuring SNMP (Lite Version)511
- SNMP Configuration Examples513
- Snmpv3 Configuration Example515
Configuring Syslogs517
- Setting the Log Host518
- Setting Buffer Capacity and Refresh Interval519
Using Diagnostic Tools521
- Ping Operation522
Configuring Winet524
- Setting the Background Image for the Winet Topology Diagram525
- Managing Winet526
- Configuring a RADIUS User528
- How the Guest Administrator Obtains the Guest Password530
- Winet Configuration Example531
  - Winet-Based RADIUS Authentication Configuration Example535
Configuration Wizard539
- Configuring Local Numbers540
- Configuring Connection Properties541
Local Number and Call Route542
- Basic Settings543
Basic Settings544
- Configuring a Call Route545
- Configuration Examples of Local Number and Call Route548
Fax and Modem569
- Introduction to Fax Methods570
- Configuring Fax and Modem571
- Configuring Fax and Modem Parameters of a Call Route574
Call Services576
- Call Transfer577
- Silent Monitor and Barge in Services578
- CID on the FXO Voice Subscriber Line579
- Configuring Other Voice Functions581
- Configuring Call Services of a Call Route583
- Call Services Configuration Examples584
Advanced Settings599
- Other Parameters603
- Configuring Other Parameters of a Local Number605
- Configuring Advanced Settings of a Call Route606
  - Configuring Other Parameters for a Call Route607
- Advanced Settings Configuration Example608
SIP-To-SIP Connections610
- Configuring Signaling Parameters for SIP-To-SIP Connections611
Configuring Dial Plans613
- Regular Expression614
- Dial Plan Functions616
  - Call Control617
- Configuring Dial Plan618
  - Configuring Call Control619
  - Configuring Number Substitution623
- Dial Plan Configuration Examples625
Call Connection645
- Functions and Features of SIP646
- SIP Messages647
- Support for Transport Layer Protocols650
  - Signaling Encryption651
  - TLS-SRTP Combinations652
Configuring SIP Connections653
- Configuring Proxy Server655
- Configuring SIP Listening657
- Configuring Media Security658
- Configuring Caller Identity and Privacy659
- Configuring SIP Session Refresh660
- Configuring Advanced Settings662
- Configuring Registration Parameters663
- Configuring Voice Mailbox Server665
- Configuring Signaling Security666
- Configuring Call Release Cause Code Mapping667
Managing SIP Server Groups674
- Configuring the Keep-Alive Mode675
- Configuring the Source Address Binding Mode676
- Configuring Server Information Management677
Configuring SIP Trunk679
- Features680
- Protocols and Standards681
- Enabling the SIP Trunk Function682
  - Configuring a Call Route for Outbound Calls684
  - Configuring Fax and Modem Parameters of the Call Route of a SIP Trunk Account686
- Configuring Media Parameters for SIP-To-SIP Connections688
- Configuring Signaling Parameters for SIP-To-SIP Connections689
- Configuring a Call Route for Inbound Calls690
  - Configuring a SIP Server Group with Multiple Member Servers696
  - Configuring Call Match Rules699
Managing Data Links702
- E1 and T1 Interfaces703
- Features of E1 and T1704
- Configuring Digital Link Management705
Managing Lines720
- One-To-One Binding between FXS and FXO Voice Subscriber Lines722
- Line Management Configuration Examples736
  - Configuring One-To-One Binding between FXS and FXO737
- Configuring SIP Local Survival745
Configuring SIP Local Survival746
- User Management747
- Trusted Nodes748
- Area Prefix749
- Call Authority Control750
- SIP Local Survival Configuration Examples751
Configuring IVR767
- Successive Jumping768
- Importing a Media Resource through an Moh Audio Input Port769
- Configuring the Global Key Policy770
- Configuring IVR Nodes771
  - Configuring a Jump Node774
  - Configuring a Service Node776
- Configuring Access Number Management777
  - Configuring Advanced Settings for the Access Number778
- IVR Configuration Examples779
- Customizing IVR Services802
Advanced Configuration821
- VRF-Aware SIP822
- Batch Configuration823
States and Statistics839
- Displaying Detailed Information about Analog Voice Subscriber Lines840
- Call Statistics841
  - Displaying Active Call Summary842
- SIP UA States843
- Connection Status844
  - Displaying Number Subscription Status845
- SIP Trunk Account States846
  - Displaying Dynamic Contact States847
- IVR Information848
  - Displaying IVR Play States849
About the HP MSR Series Web-Based Configuration Guide850
Support and Other Resources852
- Conventions853
- Index855

HP MSR SERIES - Attack Protection Configuration Examples; Attack Protection Configuration Example for MSR90020-1 X

Table of Contents

Other manuals for HP MSR SERIES

Related product manuals