Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
131132133134135136137138139140
3-71
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 2: Detect Threats
Figure 3-71. Edit the Action the Fortinet UTM Device Takes in Response to a Threat
You can modify the Echo.Reply signature to simplify the testing of the UTM device’s
communication with PCM+/NIM. The Echo.Reply signature is disabled by default. You can
enable it to have the UTM device respond to pings.
When Echo.Reply is enabled, you can test the UTM device’s connection to PCM+/NIM
simply by pinging a host on the other side of the UTM. When the host replies to the ping,
the UTM detects the reply. It allows the reply because the action is set to Pass, and it logs
the event with a severity level of Information.
Later in this section, you will set up a firewall policy and configure the UTM device to send
an SNMP trap to PCM+/NIM whenever it detects an event with a severity level of Informa-
tion. You can then test the configuration simply by pinging a host on the other side of the
UTM and verifying that PCM+ receives the SNMP trap for the event.
d. Click OK.
Figure 3-72. Edit the Echo.Reply Signature
2. Set up the anomaly definitions. The UTM device maintains a table of anomaly definitions
(behavior descriptions). Each entry in the table includes the name of the anomaly, whether
detection and logging are enabled, the action to be taken by the UTM device, and the
severity level assigned to the attack. You can accept the default anomaly definitions, or
you can modify individual definitions to better serve your network environment.
a. In the navigation bar, click the Intrusion Protection tab.
b. Click Anomaly. The table of behavior anomalies is displayed.
c. Modify the entries in that table in the same way that you modified the entries in the
signature table.
d. Click OK.
3. Set up a protection profile to define how severe an intrusion must be to be detected and
logged.
a. In the navigation bar, click the Firewall tab.
b. Click Protection Profile.
c. Select a profile and click its editing icon. Alternatively, create a new profile using the
Create New button.