Help Center/ Anti-DDoS Service/ User Guide/ CNAD Advanced (CNAD) Operation Guide/ Adding a Protection Policy/ Configuring a Basic Protection Policy to Intercept Attack Traffic
Updated on 2024-12-24 GMT+08:00

Configuring a Basic Protection Policy to Intercept Attack Traffic

After your service is connected to CNAD, you can set basic protection policies for the protected objects. If the DDoS bandwidth on an IP address exceeds the configured threshold, CNAD is triggered to scrub attack traffic to ensure service availability.

Limitations and Constraints

If you have a custom policy, you cannot change the traffic scrubbing threshold. To change the traffic scrubbing threshold, submit a service ticket to Huawei technical support.

Enabling Basic Protection

  1. Log in to the management console.
  2. Select a region in the upper part of the page, click in the upper left corner of the page, and choose Security & Compliance > Anti-DDoS Service. The Anti-DDoS Service Center page is displayed.
  3. In the navigation pane on the left, choose Cloud Native Anti-DDoS Advanced > Protection Policies. The Protection Policies page is displayed.
  4. Click Create Protection Policy.
  5. In the displayed dialog box, set the policy name, select an instance, and click OK.

    Figure 1 Creating a policy

  6. In the row containing the target policy, click Set Protection Policy in the Operation column.
  7. In the Basic Protection area, click Set.

    Figure 2 Basic protection

  8. In the Basic Protection Settings dialog box that is displayed, set the traffic scrubbing threshold.

    Figure 3 Basic protection settings
    Table 1 Parameter description

    Parameter

    Description

    Traffic Scrubbing Level

    If the DDoS bandwidth on an IP address exceeds the configured scrubbing level, CNAD is triggered to scrub attack traffic.

    You are advised to set a value closest to, but not exceeding, the purchased bandwidth.

    Defense Mode

    If the traffic reaches the specified scrubbing level, traffic scrubbing is triggered.

    • Loose: Scrubbing is triggered when the traffic reaches three times of the scrubbing level.
    • Normal: Scrubbing is triggered when the traffic reaches twice the scrubbing level.
    • Strict: Scrubbing is triggered when the traffic reaches the scrubbing level.

  9. Click OK. The basic protection policy configuration is completed.