R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101
Configuring IDS collaboration
Feature and hardware compatibility
Feature | F1000-A-EI/S-EI | F1000-E | F5000 | Firewall module
IDS collaboration | Yes | Yes | Yes | No
NOTE:
• The firewall device can collaborate with only Venusense IDS devices.
• The IDS collaboration configuration is available only in the web interface.
Overview
IDS collaboration enables a firewall to work with an intrusion detection system (IDS) device. As
shown in Figure 47, the collaboration process is as follows:
1. The IDS device examines network traffic for attacks.
2. When the IDS device detects an attack, it sends an SNMP trap message to the firewall device. The
trap message may carry attack information such as source IP address of the attacker, target IP
address to be attacked, source port and destination port.
3. When a firewall with IDS collaboration enabled receives the trap message, it retrieves the attack
information, generates a blocking entry, and blocks subsequent traffic from the source.
Figure 47 Network diagram for IDS collaboration
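The following sketch models steps 2 and 3 on the firewall side. It is an added example, not HP code or the device's actual implementation. The trap field names, the sample addresses, and the check that a trap comes from the configured IDS address are assumptions of the sketch.

```python
import ipaddress

IDS_ADDRESS = ipaddress.ip_address("192.0.2.10")  # constructed: the collaborating IDS


class CollaborationTable:
    """Toy model of the firewall side of IDS collaboration (steps 2 and 3)."""

    def __init__(self, enabled=True):
        self.enabled = enabled  # mirrors the "Enable IDS Collaboration" box
        self.entries = {}       # blocked source IP -> other attack details from the trap

    def handle_trap(self, sender, trap):
        """Turn one decoded trap (dict with hypothetical field names) into a blocking entry."""
        if not self.enabled:
            return None
        # Assumption of this sketch: only traps sent by the configured IDS are honoured.
        if ipaddress.ip_address(sender) != IDS_ADDRESS:
            return None
        # The trap "may carry" the attack fields, so the source can be absent or malformed.
        try:
            src = ipaddress.ip_address(trap["src_ip"])
        except (KeyError, ValueError):
            return None
        self.entries[src] = {k: trap.get(k) for k in ("dst_ip", "src_port", "dst_port")}
        return src

    def permits(self, packet_src):
        """Subsequent traffic from a blocked source is dropped."""
        return ipaddress.ip_address(packet_src) not in self.entries


# Constructed sample traps, already decoded from SNMP into (sender, fields) pairs.
SAMPLE_TRAPS = [
    ("192.0.2.10", {"src_ip": "203.0.113.7", "dst_ip": "198.51.100.20",
                    "src_port": 40112, "dst_port": 445}),
    ("192.0.2.10", {"dst_ip": "198.51.100.20"}),   # no attacker address in the trap
    ("192.0.2.99", {"src_ip": "198.51.100.20"}),   # sender is not the IDS
]


def run_samples():
    table = CollaborationTable()
    for sender, trap in SAMPLE_TRAPS:
        table.handle_trap(sender, trap)
    return table


if __name__ == "__main__":
    table = run_samples()
    for ip in ("203.0.113.7", "198.51.100.20"):
        print(ip, "permitted" if table.permits(ip) else "blocked")
```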
Enabling IDS collaboration
Select Intrusion Detection > IDS Collaboration from the navigation tree to enter the page for enabling IDS
collaboration, as shown in Figure 48. Select the Enable IDS Collaboration box, and click Apply.
Figure 48 Enable IDS collaboration