Configuring Alarm Policies for a Zone

Alarm policies differ from Zone to Zone.

Context

The appropriate alarm severity for a Zone also depends on the scenario. You can set alarm severity parameters for each Zone so that alarms are differentiated.

Alarms are classified into the following severities:
  • Urgent
  • Major
  • Minor
  • Warning

The default severity of alarms reported by the Genie is Major, and the action matches the Major severity.

Procedure

  1. Choose Defense > Policy Settings > Zone.
  2. Click in the Operation column of the Zone list.
  3. Table 1 describes parameters of alarm policies for user-defined Zones.

    Table 1 Parameters of user-defined alarm severity rules

    | Parameter | Description |
    |---|---|
    | Incoming Traffic (Mbit/s) | Incoming traffic bandwidth of a single IP address per second |
    | Incoming Traffic (pps) | Incoming packets per second |
    | Concurrent Connections | Number of concurrent connections |
    | New Connections | Number of new connections per second |
    | Duration | Attack or anomaly duration |
    | Action | Alarm action that varies with the alarm severity. Action: No action; Enable traffic diversion; Enable coordinated diversion; Enable blackhole; Enable LPU blackhole; Enable blackhole API; Disable traffic diversion. NOTE: Before enabling this function, you must enable NP rate limiting on the device. For details, see anti-ddos np-rule defend enable. |

    An alarm is triggered if one of the previous conditions is met.

  4. Set alarms in batches.

    If you need to configure alarm policies for multiple Zones, select these Zones and click to set alarms in batches.

    Table 2 Parameters of batched user-defined alarm severity rules

    | Parameter | Description |
    |---|---|
    | Urgent | The value can be customized as required and is 100 by default. |
    | Major | The value can be customized as required and is 60 by default. |
    | Minor | The value can be customized as required and is 30 by default. |
    | Warning | The value can be customized as required and is 1 by default. |
    | Action | Alarm action that varies with the alarm severity. Action: No action; Enable traffic diversion; Enable coordinated diversion; Enable blackhole; Enable LPU blackhole; Enable blackhole API; Disable traffic diversion. NOTE: Before enabling this function, you must enable NP rate limiting on the device. For details, see anti-ddos np-rule defend enable. |

    This parameter corresponds to the inbound traffic and alarm action in the alarm severity. (Inbound traffic = Protected bandwidth x Percentage)
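
The relationship above (Inbound traffic = Protected bandwidth x Percentage) worked through with the Table 2 defaults, as an added example that is not part of the product documentation or the product's code: it derives the inbound-traffic threshold for each severity and reviews a batch policy before it is applied. The 1000 Mbit/s bandwidth, the per-severity actions, the `ZonePolicy` helper and its method names, the reading of the Table 2 values as percentages, the "reached when inbound >= threshold" rule and the two lint rules are assumptions made for illustration.

```python
from dataclasses import dataclass

# Severity names and default percentages come from Table 2 on this page.
SEVERITIES = ("Urgent", "Major", "Minor", "Warning")
DEFAULT_PCT = {"Urgent": 100, "Major": 60, "Minor": 30, "Warning": 1}
# Blackhole action names come from the page's Action list.
BLACKHOLE = {"Enable blackhole", "Enable LPU blackhole", "Enable blackhole API"}


@dataclass
class ZonePolicy:  # hypothetical helper, not a product API
    protected_mbps: float  # protected bandwidth of the Zone, Mbit/s
    pct: dict              # severity -> percentage of protected bandwidth
    action: dict           # severity -> action name

    def thresholds(self):
        """Inbound traffic = Protected bandwidth x Percentage, per severity."""
        return {s: self.protected_mbps * self.pct[s] / 100 for s in SEVERITIES}

    def classify(self, inbound_mbps):
        """Return (severity, action) for the highest tier reached, else None.
        Assumption: a tier is reached when inbound >= its threshold."""
        limits = self.thresholds()
        for sev in SEVERITIES:  # Urgent is checked first, so the highest tier wins
            if inbound_mbps >= limits[sev]:
                return sev, self.action[sev]
        return None

    def lint(self):
        """Review a batch policy before applying it; returns a list of findings."""
        findings = []
        vals = [self.pct[s] for s in SEVERITIES]
        if any(hi <= lo for hi, lo in zip(vals, vals[1:])):
            findings.append("percentages do not decrease from Urgent to Warning")
        for sev in ("Minor", "Warning"):  # assumed rule: no blackhole on low tiers
            if self.action[sev] in BLACKHOLE:
                findings.append(f"{sev} ({self.pct[sev]}%) triggers a blackhole action")
        return findings


# Constructed sample: 1000 Mbit/s protected bandwidth with the default percentages.
POLICY = ZonePolicy(
    protected_mbps=1000,
    pct=dict(DEFAULT_PCT),
    action={"Urgent": "Enable blackhole", "Major": "Enable traffic diversion",
            "Minor": "No action", "Warning": "No action"},
)
print(POLICY.thresholds(), POLICY.classify(650), POLICY.lint())
```

With the defaults, the Warning tier is reached at 10 Mbit/s on a 1000 Mbit/s Zone, which is why the lint flags blackhole actions bound to the lower tiers.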


Copyright © Huawei Technologies Co., Ltd.