Configuration of USG6000 series interworking with the ATIC on the CLI

19

The USG6000 series can be configured on the CLI to interwork with the ATIC.
1. Run the info-center atic ip-address command to enable the interworking with the ATIC and specify the IP address of the ATIC server.
2. Run the display info-center atic command to check whether the USG6000 is enabled to interwork with the ATIC and the ATIC server's IP address.
After the USG6000 is configured to interwork with the ATIC server, it can send traffic anomaly logs to the ATIC server.

Other related questions:
Configuration of USG6000 series interworking with the ATIC on the web UI
The USG6000 series can be configured on the web UI to interwork with the ATIC. 1. Choose Policy > Security Protection > Attack Defense > Anti-DDoS. 2. Select the ATIC Interworking check box and enter the IP address of the ATIC server. After the USG6000 is configured to interwork with the ATIC server, it can send traffic anomaly logs to the ATIC server.

Configuration of traffic mirroring on the CLI for the USG6000 series
The USG6000 series does not support traffic mirroring.

Configuration of IP sweep attack defense for the USG6000 series on the CLI
You can configure IP sweep attack defense for the USG6000 series on the CLI. 1. Run the firewall defend ip-sweep enable command to enable IP sweep attack defense. By default, IP sweep attack defense is disabled. 2. Run the firewall defend ip-sweep max-rate max-rate-number command to set the IP sweep maximum connection rate. By default, the maximum connection rate is 4000 pps. 3. Run the firewall defend ip-sweep blacklist-timeout interval command to set the blacklist aging time. By default, the blacklist aging time is 20 minutes. 4. Run the firewall blacklist enable command to enable the blacklist function. After IP sweep attack defense is enabled, the device checks received TCP, UDP, and ICMP packets. If the number of packets that a source address sends per second to different destination IP addresses exceeds the specified threshold, the USG6000 considers that the source address is initiating an IP sweep attack. It blacklists the IP address and: Discards the packets from the source address if the blacklist function is enabled. Forwards the packets from the source address and generates an alarm if the blacklist function is disabled.

Configuration of port scan attack defense for the USG6000 series on the CLI
You can configure port scan attack defense for the USG6000 series on the CLI. 1. Run the firewall defend port-scan enable command to enable port scan attack defense. By default, port scan attack defense is disabled. 2. Run the firewall defend port-scan max-rate max-rate-number command to set the port scan maximum connection rate. By default, the maximum connection rate is 4000 pps. 3. Run the firewall defend port-scan blacklist-timeout interval command to set the blacklist aging time. By default, the blacklist aging time is 20 minutes. 4. Run the firewall blacklist enable command to enable the blacklist function. After port scan attack defense is enabled, the device checks received TCP and UDP packets. If the number of packets that a source address sends per second to different destination ports exceeds the specified threshold, the USG6000 considers that the source address is initiating a port scan attack. It blacklists the IP address and: Discards the packets from the source address if the blacklist function is enabled. Forwards the packets from the source address and generates an alarm if the blacklist function is disabled.

Configuration of SIP flood attack defense for the USG6000 series on the CLI
You can configure SIP flood attack defense for the USG6000 series on the CLI. Run the anti-ddos sip-flood source-detect [ alert-rate alert-rate ] command to enable SIP flood attack defense.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top