HP ProCurve Threat Management Solution Implementation Guide 2009-05

3-79
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 2: Detect Threats
Note that this IDS configuration works only with static port mirroring (either local or remote).
It does not work with dynamic mirroring reconfiguration under the control of NIM.
Figure 3-83 shows the sample network used to illustrate the IDS setup procedure. The
procedure covers only the setup of the UTM device for IDS operation; NIM’s response to the
threat is covered in “Step 3: Respond to Threats” on page 3-126.
Figure 3-83. Sample Network Illustrating an Off-line IDS
To set up the UTM device as an IDS, complete the following steps:
1. Load the IDS software, which the UTM device requires to operate in IDS mode. (You can
obtain this software from your Fortinet sales representative.)
2. Make sure that the device is in transparent mode with an IP address on your network. If it
is not already in transparent mode, refer to step 8 of the instructions on page 3-62. If you
changed the UTM device’s IP address, log in to the device again using the new IP address.
3. Determine which ports to use. (Do not connect the cables yet.) You will need two ports on
the UTM device:
   - One management port (for configuring the device and monitoring SNMP traps)
   - One sniffer port (for receiving the mirrored traffic)

   Different models of FortiGate UTM devices have different arrangements of ports, typically
   labeled as WAN, DMZ, Internal, and so on. Most ports are suitable for IDS. Do not, however,
   use a switched internal port as the sniffer port. (A single internal port on a UTM device is
   not switched. But ports that are grouped together as Internal and numbered as 1, 2, 3, and
   4 are switched ports.)