Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
127128129130131132133134135136
126
8BConfiguring IDS collaboration
The firewall device can collaborate with only Venusense IDS devices.
IDS collaboration can be configured only in the Web interface.
41B
Feature and hardware compatibility
Hardware IDS collaboration
com
p
atible
F1000-A-EI/F1000-S-EI Yes
F1000-E Yes
F5000 No
Firewall module Yes
U200-A Yes
U200-S Yes
42B
IDS collaboration overview
Figure 107 Network diagram for IDS collaboration
As shown in 430HFigure 107, IDS collaboration is introduced for firewalls to work with an Intrusion detection
system (IDS) device. The collaboration process occurs:
1. The IDS device examines network traffic for attacks.
2. When the IDS device detects an attack, it sends an SNMP trap message to the firewall device. The
trap message may carry attack information such as source IP address of the attacker, target IP
address to be attacked, source port and destination port.
3. When a firewall with IDS collaboration enabled receives the trap message, it retrieves the attack
information, generates a blocking entry, and blocks subsequent traffic from the source.
43B
Enabling IDS collaboration
1. From the navigation tree, select Intrusion Detection > IDS Collaboration.
The IDS collaboration configuration page appears.