3.10.6 Checking the Configuration
After the attack defense is configured, you can view information about attack defense.
Procedure
l Run the display firewall defend { flag | { icmp-flood | syn-flood | udp-flood } [ ip [ ip-
address [ vpn-instance vpn-instance-name ] ] | zone [ zone-name ] ] | other-attack-type }
command to view information about attack defense.
----End
Example
Run the display firewall defend { flag | { icmp-flood | syn-flood | udp-flood } [ ip [ ip-
address [ vpn-instance vpn-instance-name ] ] | zone [ zone-name ] ] | other-attack-type }
command to view information about attack defense.
# View the status of each attack defense function.
<Huawei> display firewall defend flag
--------------------------------
Type Flag
--------------------------------
land : disable
smurf : disable
fraggle : disable
winnuke : disable
syn-flood : disable
udp-flood : disable
icmp-flood : disable
icmp-redirect : disable
icmp-unreachable : disable
ip-sweep : disable
port-scan : disable
tracert : disable
ping-of-death : disable
teardrop : disable
tcp-flag : disable
ip-fragment : disable
large-icmp : disable
--------------------------------
# View the configuration of IP address sweep attack defense.
<Huawei> display firewall defend ip-sweep
defend-flag : disable
max-rate : 4000 (pps)
blacklist-expire-time : 20 (m)
3.11 Configuring Traffic Statistics and Monitoring
The AR1200-S supports traffic statistics and monitoring at the system level, zone level, and IP
address level.
Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security 3 Firewall Configuration
Issue 02 (2012-03-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
72
To Next Page
Loading...
