UCM6102 Security Settings


#1

Hi there
Just wondering about security settings; ours appear to be lax. I don’t want to enable everything in case that affects performance or certain features. On my system all the features below are disabled; I’d like to know which ones are recommended to enable.
Ping Defense disabled
Syn-Flood Defense disabled
Ping-of-Death Defense disabled

Dynamic Defense disabled

Fail2Ban disabled


#2

All defenses should be enabled.


#3

Ping Defense enabled
Syn-Flood Defense enabled
Ping-of-Death Defense disabled

Static Defense enabled
Dynamic Defense disabled

Fail2Ban enabled

I had problems when I enabled both dynamic defense and static defense (GS at the time confirmed to me never to enable both; I don’t know if something has changed).
Anyway, the protection has to be done upstream on the external firewall, by mandatorily putting the NAT rules in an ACL; the attacker must not reach the UCM.


#4

How do you disable static defense? I do not see a way to do that.



#5

I misspoke and corrected it.
I meant static defense enabled and dynamic defense disabled.

As I said, I had problems enabling both; since GS told me not to enable them together anymore, I always disabled the dynamic defense.
I enabled Fail2Ban and static defense, properly set, and never had problems.
Obviously with the ACLs done correctly.


#6

Larry, that solves the problem:

"Dynamic defense is supported on the UCM6200 series. It can blacklist hosts dynamically when the LAN mode is set to “Route”"

I always use it in Switch mode, that’s why it was a problem.

Damiano


#7

Yes, it can and should. I use all defense settings with no issue. I just whitelist the known IPs.


#8

What I copied for you, I got from the current UCM manual.


#9

I almost always use switch and dynamic defense.


#10

The manual does not recommend it in switch mode, but recommends it in route mode.