
firewall defend ip-sweep enable

Function

The firewall defend ip-sweep enable command enables the IP sweeping attack defense.

The undo firewall defend ip-sweep enable command disables the IP sweeping attack defense.

Format

firewall defend ip-sweep enable

undo firewall defend ip-sweep enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

By default, the IP sweeping attack defense is disabled.

After you enable IP sweeping attack defense, the FW inspects the received TCP, UDP, and ICMP packets. If the number of packets from a single source IP address to different destination IP addresses per second exceeds the configured threshold, the FW determines that the host at this source IP address is launching an IP sweeping attack, blacklists the address, and processes its packets as follows:

  • If the blacklist function is enabled (firewall blacklist enable) on the FW, the FW discards the packets from this IP address.
  • If the blacklist function is disabled on the FW but the firewall defend action discard command has been executed, the system still generates alarms and discards the packets.

If a source IP address is whitelisted, IP sweep attack defense will not be implemented for the source IP address.

In NAT or proxy scenarios, a single source IP address legitimately accesses many different destination IP addresses, so it can exceed the threshold and be blacklisted by mistake. Therefore, do not enable this function in such scenarios.
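The following Python model, added here as an illustration and not taken from Huawei code or documentation, shows the detection and handling logic the Usage Guidelines describe: distinct destination IP addresses are counted per source per second, a source that exceeds the threshold is alarmed and blacklisted, packets from it are discarded only when the blacklist is in force or the defense action is discard, whitelisted sources are never checked, and a NAT gateway that fans out to many servers trips the same heuristic. The packet records, the threshold value of 10, the one-second bucketing and every name in the block are assumptions made for the example.

```python
"""Model of the IP-sweep defense behaviour described in the Usage Guidelines.

Added illustration, not Huawei code: the packet records, the threshold value,
the one-second bucketing and all names here are assumptions made for the example.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Packet:
    ts: float    # arrival time in seconds (constructed)
    proto: str   # only "tcp", "udp" and "icmp" are inspected
    src: str
    dst: str


@dataclass
class SweepDefense:
    threshold: int = 10                 # assumed: distinct destinations per source per second
    enabled: bool = True                # firewall defend ip-sweep enable
    blacklist_enabled: bool = True      # firewall blacklist enable
    action_discard: bool = False        # firewall defend action discard
    whitelist: set = field(default_factory=set)
    blacklist: set = field(default_factory=set)
    alarms: list = field(default_factory=list)
    # (source IP, whole second) -> distinct destination IPs seen in that second
    _seen: dict = field(default_factory=lambda: defaultdict(set))

    def _drops(self) -> bool:
        # Packets from a detected sweeper are dropped when the blacklist is in
        # force, or when the defense action is discard even without a blacklist.
        return self.blacklist_enabled or self.action_discard

    def process(self, pkt: Packet) -> str:
        """Return the verdict for one packet: 'forward' or 'discard'."""
        if pkt.src in self.blacklist and self._drops():
            return "discard"
        if not self.enabled or pkt.proto not in ("tcp", "udp", "icmp"):
            return "forward"
        if pkt.src in self.whitelist:          # whitelisted sources are never checked
            return "forward"
        bucket = self._seen[(pkt.src, int(pkt.ts))]
        bucket.add(pkt.dst)
        if len(bucket) > self.threshold and pkt.src not in self.blacklist:
            self.alarms.append(f"ip-sweep from {pkt.src} at t={int(pkt.ts)}")
            self.blacklist.add(pkt.src)
        if pkt.src in self.blacklist:
            return "discard" if self._drops() else "forward"
        return "forward"


def run(defense: SweepDefense, packets: list) -> list:
    return [defense.process(p) for p in packets]


def probes(src: str, n: int, t: float = 0.0, first: int = 1) -> list:
    """Constructed traffic: one source reaching n distinct hosts within one second."""
    return [Packet(t + i * 0.01, "tcp", src, f"10.0.0.{first + i}") for i in range(n)]


def demo_sweep(blacklist_enabled=True, action_discard=False):
    """12 destinations in one second against a threshold of 10."""
    d = SweepDefense(blacklist_enabled=blacklist_enabled, action_discard=action_discard)
    verdicts = run(d, probes("198.51.100.7", 12))
    return verdicts, sorted(d.blacklist), len(d.alarms)


def demo_whitelist():
    d = SweepDefense(whitelist={"198.51.100.7"})
    verdicts = run(d, probes("198.51.100.7", 12))
    return verdicts, sorted(d.blacklist), len(d.alarms)


def demo_slow_sweep():
    """The same 12 hosts spread over two seconds stay under the per-second threshold."""
    d = SweepDefense()
    verdicts = run(d, probes("198.51.100.7", 6) + probes("198.51.100.7", 6, t=1.0, first=7))
    return verdicts, sorted(d.blacklist)


def demo_nat_gateway(enabled: bool):
    """A NAT gateway legitimately fans out to many servers and looks like a sweeper."""
    d = SweepDefense(enabled=enabled)
    verdicts = run(d, probes("203.0.113.1", 12, first=101))
    return verdicts.count("discard"), sorted(d.blacklist)


if __name__ == "__main__":
    print("sweep:", demo_sweep())
    print("alert only:", demo_sweep(blacklist_enabled=False))
    print("whitelist:", demo_whitelist())
    print("slow:", demo_slow_sweep())
    print("NAT enabled:", demo_nat_gateway(True), "NAT disabled:", demo_nat_gateway(False))
```

The slow-sweep case shows the limit of a per-second threshold: a scanner that paces its probes across seconds is not caught by this heuristic alone, and the NAT case shows why the guideline says not to enable the function behind a NAT device or proxy, since the gateway address is blacklisted exactly as a scanner would be.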

Example

# Enable the IP sweeping attack defense.

<sysname> system-view
[sysname] firewall defend ip-sweep enable
Copyright © Huawei Technologies Co., Ltd.