10-23-2008 12:52 AM
Dears, i need to setup my firewall to protect from syn floods, i configured the following and i wanna make sure if its enough or need more, i configured my router as L2 with zones V1-Trust and V1-Untrust
set zone "V1-Trust" screen syn-flood
set zone "V1-Trust" screen syn-frag
set zone "V1-Trust" screen syn-fin
set zone "V1-Trust" screen syn-ack-ack-proxy
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen syn-frag
set zone "V1-Untrust" screen syn-fin
set zone "V1-Untrust" screen syn-ack-ack-proxy
and another question
how can i enable AV and AS on the firewall
i have the trial keys and still not expired.
10-23-2008 10:28 PM
u can prevent from syn flood attack using screeing features of firewall as u configured. To enable AV and AS u have to configure policy from V1-untrust to V1-trust and in that policy u can enable AV and AS.
10-24-2008 09:05 AM
10-25-2008 11:01 PM
thank you rkim, version 5.4 and netscreen 204.
well.. i have another problem i hope you can help me with it, the 204 stopped working from the sync flood attacks, so i installed isg1000, it prevented the flood to reach the server, but anyone else stopped also from reaching it, is there any soloution to this.
10-27-2008 10:32 PM
NetScreen 204 doesn't support AV or antispam. Hence there is no license key option for that.
Regarding your new problem, it is not clear to me from your description what your issue is. Can you please elaborate?
10-27-2008 11:56 PM
10-28-2008 11:18 PM
I think you will find this Knowledgebase article of use.
This article refers to high CPU troubleshooting and what you can do to troubleshoot.