switch.
5. Click Check Switch to verify that the firewall can communicate with the switch and the community string is correct.
6. Click OK
Add the firewall's management interface into the exclude list:
1. Go to: Policies > Intrusion Prevention > ZoneDefense > Exclude list
2. For Addresses choose the object name of the firewall's interface address 192.168.1.1 from the Available list and put it into the Selected list.
3. Click OK
Configure an HTTP threshold of 10 connections/second:
1. Go to: Policies > Traffic Management > Threshold Rules > Add > Threshold Rule
2. For the Threshold Rule enter:
   • Name: HTTP-Threshold
   • Service: http
3. For Address Filter enter:
   • Source Interface: Enter the firewall's management interface
   • Destination Interface: any
   • Source Network: 192.168.2.0/24 (or the address object name)
   • Destination Network: all-nets
4. Click OK
Specify the threshold, the threshold type and the action to take if exceeded:
1. Go to: Add > Threshold Action
2. Configure the Threshold Action as follows:
   • Action: Protect
   • Group By: Host-based
   • Threshold: 10
   • Set the units for the threshold value to be Connections/Second
   • Tick the Use ZoneDefense checkbox
   • Click OK
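
A simplified model of what the HTTP-Threshold rule configured above decides, as an added example (not code from the product or its documentation). It assumes a sliding one-second window per source host and that "exceeded" means more than 10 connections; the function names and the sample events are constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

SOURCE_NET = ipaddress.ip_network("192.168.2.0/24")  # Source Network of the rule
EXCLUDE = {"192.168.1.1"}   # firewall interface address on the exclude list
THRESHOLD = 10              # Connections/Second, Group By: Host-based
HTTP_PORT = 80              # Service: http

def evaluate(events, exclude=EXCLUDE, threshold=THRESHOLD):
    """events: (timestamp_seconds, src_ip, dst_port) tuples sorted by time.
    Returns {src_ip: timestamp} for each host whose own connection rate
    exceeds the threshold, i.e. where a block would be requested."""
    windows = defaultdict(deque)   # one sliding window per source host
    blocked = {}
    for ts, src, port in events:
        if port != HTTP_PORT or ipaddress.ip_address(src) not in SOURCE_NET:
            continue               # traffic the rule does not match
        if src in exclude or src in blocked:
            continue               # excluded hosts are never blocked
        win = windows[src]
        win.append(ts)
        while ts - win[0] >= 1.0:  # drop connections older than one second
            win.popleft()
        if len(win) > threshold:   # assumption: "exceeded" means > 10
            blocked[src] = ts
    return blocked

def sample_events():
    """Constructed traffic: one noisy host, one steady host, 30 quiet hosts."""
    ev = [(10.0 + i * 0.05, "192.168.2.10", 80) for i in range(12)]   # 12 in 0.55 s
    ev += [(10.0 + i / 3, "192.168.2.20", 80) for i in range(12)]     # 3 per second
    ev += [(10.2, f"192.168.2.{100 + i}", 80) for i in range(30)]     # 1 each
    return sorted(ev)

if __name__ == "__main__":
    for host, ts in evaluate(sample_events()).items():
        print(f"block {host} at t={ts:.2f}s")
```

With host-based grouping, the 30 hosts that open one connection each in the same second do not trigger the rule, even though their combined rate is well above 10.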
Chapter 12: ZoneDefense