DefensePro User Guide
Security Configuration
130
Document ID: RDWR-DP-V0602_UG1201
Startup Mode
The behavior of the device after startup. Out-of-State Protection
cannot be applied to existing traffic; therefore, the device can either
drop existing traffic and apply Out-of-State Protection to all new
traffic, or suspend Out-of-State Protection for a period of time, which
is used to learn traffic and sessions.
Values:
•
On—Start the protection immediately. Existing sessions are
dropped and only new sessions are allowed.
•
Off—Do not protect.
•
Graceful—Start the protection while maintaining existing
sessions for the time specified by the Startup Timer parameter.
Default: Graceful
Startup Timer
For Graceful startup mode, this parameter specifies the time, in
seconds, after startup when the device ignores Out-of-State
Protection and registers all sessions in the Session table, including
those whose initiation was not registered (for example, SYN with
TCP). After this time, the device drops new sessions whose initiation
was not registered (for example, SYN with TCP).
Values: 0–65,535
Default: 1800
Advanced Parameters
Enable Out of State Status
Enables the specified Action for Out-of-State Protection.
Default: Disabled
Action
The action that the device takes when it encounters out-of-state
packets.
Values: Block, Report Only
Default: Report Only
Activation Threshold
The rate, in PPS, of out-of-state packets above which the device
considers the packets to be part of a flood attack. When the device
detects an attack, it issues an appropriate alert and drops the out-of-
state packets that exceed the threshold. Packets that do not exceed
the threshold bypass the DefensePro device.
Default: 5000
Termination Threshold
The rate, in PPS, of out-of-state packets below which the device
considers the flood attack to have stopped; and the device resumes
normal operation.
Default: 4000
Packet Trace
Specifies whether the DefensePro device sends out-of-state packets
to the specified physical port.
Default: Disabled
Caution:
When this feature is enabled here, for the feature to take
effect, the global setting must be enabled
(Configuration perspective > Advanced
Parameters > Security Reporting Settings >
Enable Packet Trace). In addition, a change to this
parameter takes effect only after you update policies.
Parameter
Description
Содержание DefensePro 6.02
Страница 1: ...DefensePro User Guide Software Version 6 02 Document ID RDWR DP V0602_UG1201 January 2012 ...
Страница 2: ...DefensePro User Guide 2 Document ID RDWR DP V0602_UG1201 ...
Страница 20: ...DefensePro User Guide 20 Document ID RDWR DP V0602_UG1201 ...
Страница 28: ...DefensePro User Guide Table of Contents 28 Document ID RDWR DP V0602_UG1201 ...
Страница 116: ...DefensePro User Guide Device Network Configuration 116 Document ID RDWR DP V0602_UG1201 ...
Страница 256: ...DefensePro User Guide Managing Device Operations and Maintenance 256 Document ID RDWR DP V0602_UG1201 ...
Страница 274: ...DefensePro User Guide Monitoring DefensePro Devices and Interfaces 274 Document ID RDWR DP V0602_UG1201 ...
Страница 302: ...DefensePro User Guide Real Time Security Reporting 302 Document ID RDWR DP V0602_UG1201 ...
Страница 308: ...DefensePro User Guide Administering DefensePro 308 Document ID RDWR DP V0602_UG1201 ...
Страница 324: ...DefensePro User Guide Troubleshooting 324 Document ID RDWR DP V0602_UG1201 ...