After receiving a SYN message from a client to a protected server, the TCP proxy sends back a
SYN ACK message with the window size of 0 on behalf of the server. If the client is legitimate, the
TCP proxy receives an ACK message. Upon receiving an ACK message from the client, the TCP
proxy sets up a connection between itself and the server through a three-way handshake on behalf
of the client. Thus, two TCP connections are established, and the two connections use different
In bidirectional proxy mode, the TCP proxy plays two roles: a virtual server that communicates with
clients and a virtual client that communicates with servers. To use this mode, you must deploy the
TCP proxy on the key path that passes through the ingress and egress of the protected servers, and
make sure all packets that the clients send to the server and all packets that the servers send to the
clients pass through the TCP proxy device.
Attack detection and protection configuration task
The attack detection and protection configuration tasks include three categories:
Configuring attack protection functions for an interface. To do so, you need to create an attack
protection policy, configure the required attack protection functions (such as Smurf attack protection,
scanning attack protection, and flood attack protection) in the policy, and then apply the policy to
the interface. There is no specific configuration order for the attack functions, and you can configure
them as needed.
Configuring a TCP proxy when the SYN flood attack protection policy specifies the processing
method for SYN flood attack packets as TCP proxy.
Configuring the blacklist function. This function can be used independently or used in conjunction
with the scanning attack protection function on an interface.
Enabling the traffic statistics function. This function can be used independently.
Complete the following tasks to configure attack detection and protection:
protection functions for
Configuring TCP proxy
Configuring the blacklist function
Enabling traffic statistics on an interface
Creating an attack protection policy
Configuring an attack protection
Configuring a single-packet attack protection policy
Configuring a scanning attack protection policy
Configuring a flood attack protection policy
Applying an attack protection policy to an interface
Configure one or
more policies as