Brocade Communications Systems ServerIron ADX 12.4.00a Security Manual page 7

Version 12.4.00a
Table of Contents

ServerIron ADX Security Guide
53-1002440-03
Translation timeouts . . . 104
    Configuring the NAT translation aging timer . . . 104
Stateless static IP NAT . . . 105
Redundancy . . . 105
    Enabling IP NAT . . . 106
    Enabling static NAT redundancy . . . 106
    Enabling dynamic NAT redundancy . . . 107
Displaying NAT information . . . 107
    Displaying NAT statistics . . . 108
    Displaying NAT translation . . . 110
    Displaying NAT redundancy information . . . 111
    Displaying VRRPE information . . . 112
Clearing NAT entries from the table . . . 112

Chapter 5
Understanding Syn-Proxy . . . 113
    Syn-Proxy auto control . . . 113
    113
Configuring Syn-Proxy . . . 114
    Configuring Syn-Proxy auto control . . . 120
    Displaying Syn-Proxy Commands . . . 121
DDoS protection . . . 124
    Configuring a security filter . . . 125
    Configuring a Generic Rule . . . 125
    Configuring a rule for common attack types . . . 127
    Configuring a rule for ip-option attack types . . . 129
    Configuring a rule for icmp-type options . . . 130
    Configuring a rule for IPv6 ICMP types . . . 131
    Configuring a rule for IPv6 ext header types . . . 132
    Binding the filter to an interface . . . 133
    Clearing DOS attack statistics . . . 133
    Clearing all DDOS Filter & Attack Counters . . . 133
    Logging for DoS attacks . . . 133
    Displaying security filter statistics . . . 134
    Address-sweep and port-scan logging . . . 134