Manualshelf

R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
31323334353637383940
27
IDS collaboration configuration
NOTE:
The firewall can collaborate with only Venusense IDS devices.
The firewall supports the IDS collaboration configuration only in the web interface.
Overview
IDS collaboration is introduced for firewalls to work with an Intrusion detection system (IDS) device. As
shown in Figure 25, the colla
boration process occurs:
1. The IDS device examines network traffic for attacks.
2. When the IDS device detects an attack, it sends an SNMP trap message to the firewall device. The
trap message may carry attack information such as source IP address of the attacker, target IP
address to be attacked, source port and destination port.
3. When a firewall with IDS collaboration enabled receives the trap message, it retrieves the attack
information, generates a blocking entry, and blocks subsequent traffic from the source.
Figure 25 Network diagram for IDS collaboration
Enabling IDS collaboration
Select Intrusion Detection > IDS Collaboration from the navigation tree to enter the page for enabling IDS
collaboration, as shown in Figure 26. Selec
t the Enable IDS Collaboration check box, and click Apply.
Figure 26 Enable IDS collaboration
Configuration guidelines
When configuring IDS collaboration, follow these guidelines:
1. Both the firewall devices and IDS devices must support and have SNMPv2c configured.