15-Server connection detection
Introduction
Server connection detection (SCD) enables the device to identify and classify legal and illegal connections initiated by specified servers, based on user-defined rules. This helps administrators monitor internal servers and prevent them from becoming part of a botnet and launching attacks, or from being used for internal network penetration.
Configure SCD
SCD configuration involves the following tasks:
· Configure SCD learning—Configure the device to learn connections initiated by given servers. The learning results provide the basis for administrators to create SCD policies to monitor and log illegal connections initiated by the servers.
· Configure SCD policies—Create an SCD policy for a server and configure SCD rules to define the legal connections initiated by the server. The device can then log connections initiated by the server that do not match the SCD rules.
Configure SCD learning
Perform this task to enable the device to learn connections initiated by given servers.
Procedure
1. Click the Policies tab.
2. In the navigation pane, select Server Connection Detection.
3. Click the SCD Learning tab.
4. Enter the IP addresses of the servers for server-initiated connection learning and set the learning period.
5. Click Start.
The device starts to learn the connections initiated by the specified servers for the specified learning period and displays the learning results in a list.
6. To set a server-initiated connection as a legal connection, select the connection and click Create SCD rule.
The device automatically creates an SCD policy for the server and creates an SCD rule for the selected server connection in the policy.
Configure an SCD policy
Perform this task to create an SCD policy.
Procedure
1. Click the Policies tab.
2. In the navigation pane, select Server Connection Detection.
3. Click the SCD Policy tab.
4. Click Create.
5. Create an SCD policy.
Table 1 SCD policy configuration items

Item | Description |
---|---|
Policy name | Enter a name for the SCD policy. |
Server address | Enter a server IP address. The SCD policy will monitor connections initiated by the server. |
Enable policy | Select whether to enable the SCD policy. |
Logging | Select whether to log connections initiated by the server that do not match any SCD rules. |
SCD rules | Each SCD rule defines a set of legal connections initiated by the server. Connections initiated by the server that do not match any SCD rules are considered illegal. To create an SCD rule: 1. Click Create. 2. Enter the destination IP address for the connections. 3. Set the protocols and port numbers for the connections. (A minimum of one protocol must be configured for an SCD rule.) 4. Click OK. |
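
The following Python model is an added illustration, not the device's own code: it turns learning results into candidate SCD rules and then reports connections from the monitored server that match no rule. The record layout, the class and function names, the exact-match comparison on destination address, and the sample connections are all assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Conn:  # one server-initiated connection (hypothetical record layout)
    server: str
    dst: str
    proto: str
    port: int

@dataclass
class ScdRule:
    dst: str
    services: frozenset  # {(protocol, port), ...}

    def __post_init__(self):
        if not self.services:  # the page requires at least one protocol per rule
            raise ValueError("an SCD rule needs at least one protocol")

    def matches(self, c: Conn) -> bool:
        # Assumption: exact destination match plus an allowed protocol/port pair.
        return c.dst == self.dst and (c.proto, c.port) in self.services

@dataclass
class ScdPolicy:
    name: str
    server: str
    rules: list = field(default_factory=list)

    def illegal(self, conns):
        """Connections from this policy's server that match no rule."""
        return [c for c in conns
                if c.server == self.server and not any(r.matches(c) for r in self.rules)]

def learn(conns, server):
    """Group learned connections by destination into candidate rules for review."""
    seen = {}
    for c in conns:
        if c.server == server:
            seen.setdefault(c.dst, set()).add((c.proto, c.port))
    return [ScdRule(dst, frozenset(svcs)) for dst, svcs in sorted(seen.items())]

# Constructed sample data (documentation address ranges).
LEARNED = [Conn("192.0.2.10", "192.0.2.53", "udp", 53),
           Conn("192.0.2.10", "192.0.2.20", "tcp", 5432)]
OBSERVED = LEARNED + [Conn("192.0.2.10", "192.0.2.20", "tcp", 22),
                      Conn("192.0.2.10", "203.0.113.77", "tcp", 6667),
                      Conn("192.0.2.11", "203.0.113.77", "tcp", 6667)]
POLICY = ScdPolicy("db-client", "192.0.2.10", learn(LEARNED, "192.0.2.10"))
ILLEGAL = POLICY.illegal(OBSERVED)
```

In this model the tcp/22 connection to an already approved destination is still reported, because a rule covers only the protocol and port pairs configured for it, and the connection from 192.0.2.11 is ignored because the policy monitors a single server address.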