HP ProCurve Threat Management Solution Implementation Guide 2009-05

HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 2: Detect Threats
i. Set the AD Operational Mode to Inactive. (The sensor documentation recommends a
setting of Inactive for one-directional traffic, such as traffic through an IPS interface pair.
Because one-directional traffic does not show responses to port connection requests
from a single source, all such activity looks like an IP address sweep, a TCP port sweep,
or similar malicious activity to the anomaly detection engine, even though it may
be legitimate. Setting anomaly detection to Inactive avoids false positives from the
anomaly detection engine.)
Figure 3-50. Adding a Virtual Sensor
j. Optionally, click the double arrow icon to change the default values under Advanced
Options:
   i. Choose how the sensor tracks inline TCP sessions (by interface and VLAN, VLAN
   only, or virtual sensor). The default is virtual sensor. This is almost always the best
   option to choose.
   ii. Choose the Normalizer mode (strict evasion protection or asymmetric mode
   protection).
k. Click OK.
l. Click Apply.
6. Connect the network cables to the appropriate ports. The incoming traffic goes to the
first port of the interface pair, and the outgoing traffic comes from the second port of the
interface pair.
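
The note in step i, on why one-directional traffic triggers anomaly detection, can be seen in a small model. This is an added example, not code from the guide or the sensor: a simplified sweep heuristic (not the sensor's actual algorithm) run over constructed packets, with the threshold, addresses and function names all assumed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values for this toy model; not taken from the sensor.
SWEEP_THRESHOLD = 5                                 # unanswered targets before flagging
INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")    # constructed client network

def unanswered_targets(packets):
    """Map each source to the (server, port) pairs whose SYN saw no SYN-ACK."""
    pending = defaultdict(set)
    for src, dst, port, flags in packets:
        if flags == "SYN":
            pending[src].add((dst, port))
        elif flags == "SYN-ACK":
            # The reply travels server -> client, so the client is dst here.
            pending[dst].discard((src, port))
    return pending

def flagged_sources(packets, threshold=SWEEP_THRESHOLD):
    """Sources that look like sweepers: many connection requests, no replies seen."""
    pending = unanswered_targets(packets)
    return sorted(s for s, t in pending.items() if len(t) >= threshold)

def one_directional(packets):
    """Keep only client -> server packets: the one-directional view of the traffic."""
    return [p for p in packets if ipaddress.ip_address(p[0]) in INSIDE_NET]

def constructed_traffic():
    """Constructed sample: 10.0.0.10 is a legitimate client, 10.0.0.66 a real sweep."""
    packets = []
    for n in range(1, 7):
        server = f"192.0.2.{n}"
        packets.append(("10.0.0.10", server, 443, "SYN"))
        packets.append((server, "10.0.0.10", 443, "SYN-ACK"))  # handshake answered
        packets.append(("10.0.0.66", server, 23, "SYN"))       # never answered
    return packets

if __name__ == "__main__":
    traffic = constructed_traffic()
    print("both directions:", flagged_sources(traffic))
    print("one direction:  ", flagged_sources(one_directional(traffic)))
```

With both directions visible only the unanswered source is flagged; with replies hidden the legitimate client becomes indistinguishable from it, which is the false positive the Inactive setting avoids.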