Manualshelf

User guide

ManualsBrandsWatchguard ManualsComputer equipmentFirebox X4500
161162163164165166167168169170
Default Threat Protection
156 Firebox X Edge e-Series
On the Firewall > Intrusion Prevention page, select the DoS Defense tab and set the packet/second
threshold for these types of DoS flood attacks:
IPSec flood attack
A DoS attack where the attacker overwhelms a computer system with a large number of IPSec
connections.
IKE flood attack
A DoS attack where the attacker overwhelms a computer system with a large number of IKE (Internet
Key Exchange) connections.
ICMP flood attack
A DoS attack where the attacker overwhelms a computer system with ICMP Echo Request (ping
packets).
SYN flood attack
A DoS attack where the attacker overwhelms a computer system with a large number of SYN
requests.
UDP flood attack
A DoS attack where the attacker overwhelms a computer system with a large number of UDP (User
Datagram Protocol) connections.
Distributed denial-of-service prevention
Use the Distributed DoS prevention feature to set limits for server and client traffic. Use the Server Quota
setting to set a maximum number of simultaneous connections allowed incoming through the Firebox from
external computers. Use the Client Quota to set a maximum number of simultaneous connections allowed
out from computers protected by the Edge. If the total number of client or server connections per second
exceeds the connection limit you set, new connection packets are dropped.