HUAWEI CLOUD Advanced Anti-DDoS

This section describes how to configure the HUAWEI CLOUD Advanced Anti-DDoS.

Creating the HUAWEI CLOUD Advanced Anti-DDoS

Choose Defense > Policy Settings > Cloud Clean > Huawei Cloud Advance Anti-DDoS.

Click and specify basic information about the HUAWEI CLOUD Advanced Anti-DDoS in Create.

Before creating a HUAWEI CLOUD Advanced Anti-DDoS protection group, you need to create a Zone and deploy it. In the Zone, you need to configure the protected IP addresses and devices.

Parameter	Description
Defense IP	Enter the destination IP address. Only IPv4 addresses are supported.
Name	Enter a company name.
Domain	Enter the protected domain.
Region	Select a region from the drop-down list.
Defense IP Line	Select a line from the drop-down list. Currently, the following lines are supported: china_unicom, china_mobile, china_telecom, and BGP.
TCP Port	Enter a port number. If you enter multiple port numbers, separate them using commas (,). A maximum of 20 port numbers are supported. The port number ranges from 1 to 65535.
UDP Port	Enter a port number. If you enter multiple port numbers, separate them using commas (,). A maximum of 20 port numbers are supported. The port number ranges from 1 to 65535.
Backup IP	Enter the destination IP address in IPv4 format.
Switching Threshold	When the incoming traffic of the device reaches the configured threshold, the system switches to the HUAWEI CLOUD Advanced Anti-DDoS. The default value is 1000 Mbit/s. The value ranges from 1 to 200,000.
Switch to Advanced Anti-DDoS	Manual: The administrator can manually switch the HUAWEI CLOUD Advanced Anti-DDoS back to ATIC-based defense. Automatic: When the traffic exceeds the threshold, the system automatically switches to HUAWEI CLOUD Advanced Anti-DDoS.
Switch back to ATIC-based defense	Manual: The administrator can manually switch the HUAWEI CLOUD Advanced Anti-DDoS back to ATIC-based defense. NOTE: After the attack stops, you are advised to switch back to ATIC-based defense.
DNS Quick Refresh	This item is displayed when Identity Authentication for Advanced Anti-DDoS is configured for the purchased HUAWEI CLOUD Advanced Anti-DDoS device. Manual: After the defense mode is switched to the HUAWEI CLOUD Advanced Anti-DDoS, click DNS Quick Refresh for manual update. Automatic: After the defense mode is switched to the HUAWEI CLOUD Advanced Anti-DDoS, fast DNS update is performed automatically.
Device Name	Select a device from the drop-down list.
Expiration Date	This item is displayed after you select the device where the HUAWEI CLOUD Advanced Anti-DDoS service is enabled. The value is automatically set to the expiration date of the HUAWEI CLOUD Advanced Anti-DDoS service license.

Click OK.
After the configuration is complete, if the incoming traffic exceeds the threshold, the HUAWEI CLOUD Advanced Anti-DDoS is automatically triggered.

You can also manually implement the HUAWEI CLOUD Advanced Anti-DDoS by selecting the check box of the HUAWEI CLOUD Advanced Anti-DDoS in Huawei Cloud Advanced Anti-DDoS and clicking above the list.

Viewing the Defense Switching History

In Huawei Cloud Advanced Anti-DDoS, click to view the defense switching history.

Parameter	Description
Defense IP	Enter the destination IP address. Only IPv4 addresses are applicable.
Start Time	Click to select the start time of statistics. Or you can change the time values in corresponding text boxes.
End Time	Click to select the end time of statistics. Or you can change the time values in corresponding text boxes.

Click Search.

Identity Authentication for Advanced Anti-DDoS

In Huawei Cloud Advanced Anti-DDoS, click .

Parameter	Recommended Value
Login URL	The default value is https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokens. For HUAWEI CLOUD users registered before 00:00:00 on September 6, 2019, enter https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokens. For HUAWEI CLOUD users registered after 00:00:00 on September 6, 2019, enter https://iam.cn-north-4.myhuaweicloud.com/v3/auth/tokens.
User	Registered HUAWEI CLOUD account NOTICE: If you change the user name in the Huawei Cloud Advanced Anti-DDoS dialog box, the existing advanced anti-DDoS configuration becomes invalid. Therefore, if you want to switch to another account, manually delete the existing advanced anti-DDoS configuration and reconfigure the advanced anti-DDoS policy for the new account.
Password	Password of the registered HUAWEI CLOUD account
Domain name	Registered HUAWEI CLOUD account
Project Name	For HUAWEI CLOUD users registered before 00:00:00 on September 6, 2019, enter cn-north-1. For HUAWEI CLOUD users registered after 00:00:00 on September 6, 2019, enter cn-north-4.
Advanced Anti-DDoS URL	https://aad.myhuaweicloud.com/
HUAWEI CLOUD Certificate	Select a certificate from the drop-down list box. NOTE: Before setting this parameter, manually download and create a HUAWEI CLOUD certificate. For details, see Certificate Management. When Login URL is set to https://iam.cn-north-1.myhuaweicloud.com/v3/auth/tokens, download the HUAWEI CLOUD certificate at https://iam.cn-north-1.myhuaweicloud.com/. When Login URL is set to https://iam.cn-north-4.myhuaweicloud.com/v3/auth/tokens, download HUAWEI CLOUD certificate at https://iam.cn-north-4.myhuaweicloud.com/.
Advanced Anti-DDoS Certificate	Select a certificate from the drop-down list box. NOTE: Before setting this parameter, manually download and create an advanced Anti-DDoS certificate. For details, see Certificate Management. To download an Advanced Anti-DDoS certificate, visit https://aad.myhuaweicloud.com/.

Click OK.

Querying HUAWEI CLOUD Advanced Anti-DDoS

Choose Defense > Policy Settings > Cloud Clean > Huawei Cloud Advance Anti-DDoS.
Set search criteria. Enter keywords in Zone IP Address and Zone Group text boxes, and select the desired protection status from the State drop-down list box.
You can use the combination of Zone IP Address and Zone Group to perform fuzzy search.

Click . The information that meets the search criteria is displayed in the HUAWEI CLOUD Advanced Anti-DDoS service list.