HP ProCurve Threat Management Solution Implementation Guide 2009-05
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 2: Detect Threats
Figure 3-76. Configuring Log Settings
g. Click Apply.
Optional Subtask: Set Up the UTM Device for IPS Operation
When the Fortinet FortiGate UTM device is used as an IPS, it operates in inline mode in the
network. Traffic flows through the UTM device until the device detects a virus or other threat
based on the settings you have configured. The UTM device then takes whatever action you have
specified, typically blocking traffic from the attacker and sending a notification to NIM. In this
way, the UTM device can prevent malicious traffic from reaching sensitive areas of your
network, and NIM can act on the source of the malicious traffic.
Figure 3-77 illustrates the IPS deployment. In this sample network, a UTM device acting as an
IPS is placed inline to protect the servers in a data center from attacks. Ordinarily, the UTM
device allows all traffic to pass through from one segment of the network to the other. If the
UTM device detects an attack, it takes a predetermined action (typically blocking traffic from
the attacker) and sends an alert to PCM+/NIM, which can further respond to the attack by
shutting down the attacker’s port.