Security Protection
This chapter describes the concepts and configurations of security protection.
-
Attack Defense
-
The FW provides attack defense functions to detect network attacks and to protect intranets against possible attacks.
-
Ping Proxy
-
This section describes ping proxy and its configuration method.
-
New Session Suppression
-
This section describes how to configure limits on the new connection rate of a single IP address and on the new session rate.
-
Blacklist
-
If a user or IP address is untrustworthy, you can manually add the user or IP address to the blacklist. The FW then discards all packets from or to the user or IP address.
-
Whitelist
-
If the traffic from an IP address is trustworthy, the IP address can be added to the whitelist. The FW then forwards packets from that IP address directly, without performing blacklist checks, content filtering, or DDoS checks.
-
IP-MAC Binding
-
Binding IP addresses with MAC addresses can effectively defend against attacks such as IP address spoofing and ARP spoofing.
-
ASPF/ALG
-
-
URPF
-
You can use Unicast Reverse Path Forwarding (URPF) on inbound interfaces of the FW to protect a network from source address spoofing attacks.
-
IDS Interworking
-
IDS interworking enhances network security and improves the intrusion detection and analysis capabilities of firewalls.
-
HiSec Insight Interworking
-
-
SACG Interworking
-
This section describes what interworking with the Agile Controller is and how to configure it.
-
SCTP
-
This section describes the Stream Control Transmission Protocol (SCTP) and its configurations.
-
Network Deception
-
This feature detects scanning behavior on the network and lures suspicious traffic to a decoy for in-depth interaction detection.