User`s manual
C
C
C
h
h
h
a
a
a
p
p
p
t
t
t
e
e
e
r
r
r
8
8
8
A
A
A
n
n
n
o
o
o
m
m
m
a
a
a
l
l
l
y
y
y
F
F
F
l
l
l
o
o
o
w
w
w
I
I
I
P
P
P
IAR-5000 can block the internal anomaly mount of packets sent from external hackers and also
included the mechanism of co-defense system, can enhance the enterprise network security and
stability.
In this chapter, we will make the introduction and settings of Anomaly Flow IP.
The threshold sessions of anomaly flow (per source IP)
When the session number ( per source IP ) has over the limitation of anomaly flow sessions per
source IP, then IAR-5000 will take this kind of IP to be anomaly flow IP and make some actions.
For example, block the anomaly flow IP or send the notification)
Anomaly Flow IP Blocking
IAR-5000 can block the sessions of anomaly flow IP.
Notification
IAR-5000 can notice the user and system administrator by e-mail or NetBIOS notification as any
anomaly flow occurred.
Co-Defense System
IAR-5000 has the co-defense mechanism which can integrate the switch, so that can enhance the
enterprise network security protection.
Non-detected IP
System administrator can set which IP address to be the non-detected IP, it is because some of
these IP provide amount of services, so that will let IAR-5000 define it to be anomaly flow IP. We
can use this function to avoid the problem.
131