Table of Contents
Advertisement
Firewall
Service
Forward / Block the
matched packet
Action
Don't log / Log the
matched packet
Step 4 ¡ Ð
View the Firewall Log
You can go to DEVICE Status>Firewall Logs
>Firewall Logs to view the firewall logs. If you
prefer to download these logs, please click the
"Download To Local" button to save the logs to
localhost.
7.4.2 Setup Alert detected attack
Step 1 ¡ Ð
Setup Attack Alert
With the Firewall enabled, the DFL-900 is already
equipped with an Anti-DoS engine within it.
Normal DoS attacks will show up in the log when
detecting and blocking such traffic. However,
Flooding attacks require extra parameters to
recognize. Check the Enable Alert when
attack detected checkbox. Enter 100 in the
One Minute High means that DFL-900 starts to
generate alerts and delete the half-open states if
100 half-open states are established in the last
minute. Enter 100 in the Maximum Incomplete
High means that DFL-900 starts to generate
alerts and delete half-open states if the current
number of half-open states reaches 100. Enter
10 in the TCP Maximum Incomplete means that
DFL-900 starts to generate alerts and delete
half-open states if the number of half-open states
towards a server (SYN-Flooding attack) reaches
10. Check the Blocking time if you want to
stop the traffic towards the server. During this
blocking time, the server can digest the loading.
FIELD
Enable Alert when attack detected
Verified the service of packet is belong to each TCP¡ B UDP¡ B
ICMP.
If packet is matched the rule condition, Forward or Block this
matched packet?
If packet is matched the rule condition, Log or Don't log this
matched packet?
Table 7-1 Insert a Firewall rule
DEVICE Status > Firewall Logs > Firewall Logs
ADVANCED SETTINGS > Firewall > Attack Alert
DESCRIPTION
Enable the firewall alert to detect Denial of Service (DoS)
attack.
Denial of Service Thresholds
41
DFL-900 User Manual
Any
Block
Log
EXAMPLE
Enabled
Advertisement
Table of Contents
