HP ProCurve Threat Management Solution Implementation Guide 2009-05
HP ProCurve Network Immunity Manager with a Third-Party IDS/IPS
Step 2: Detect Threats
3. Select All Categories in the View Styles menu.
Figure 3-111. Categories Window
4. In the Attacks category, select the check boxes for Log, Alerts, and Syslog.
5. Click Accept.
A simple test allows you to verify that intrusion prevention is functioning properly. This test
makes use of the Echo Reply signature, which detects the response to a ping. To test the
intrusion prevention setup, follow the steps below:
1. Ping from a host on one side of the UTM device to a host or device on the other side.
The UTM device will detect the reply to the ping.
2. In the left navigation bar, click Log > View. The echo reply will be displayed as a log entry.
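The same check can be run against the syslog output enabled for the Attacks category in step 4. The Python below is an added example, not part of this guide or of the vendor's tooling; the key=value line layout, the field names msg, src and dst, the message wording, and the addresses are assumptions, and the sample lines are constructed.

```python
import re

# key=value pairs; a value may be double-quoted (assumed layout, not from the guide)
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_fields(line):
    """Split one key=value syslog line into a dict, unquoting quoted values."""
    fields = {}
    for m in PAIR.finditer(line):
        key, raw, quoted = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else raw
    return fields

def host_of(addr):
    """Drop an optional ':port:interface' suffix from an address field."""
    return addr.split(":", 1)[0]

def find_echo_reply_alerts(lines, ping_source, ping_target):
    """Return the parsed entries that record the Echo Reply for the test ping.

    The signature fires on the reply, so the logged source is the pinged
    host and the logged destination is the host that sent the ping.
    """
    hits = []
    for line in lines:
        f = parse_fields(line)
        if "echo reply" not in f.get("msg", "").lower():
            continue
        if (host_of(f.get("src", "")) == ping_target
                and host_of(f.get("dst", "")) == ping_source):
            hits.append(f)
    return hits

# Constructed sample lines using documentation addresses, not captured from a device.
SAMPLE_LOG = [
    '<129>id=firewall time="2009-05-12 10:15:01" msg="IPS Detection Alert: ICMP Echo Reply" src=192.0.2.20 dst=198.51.100.7',
    '<129>id=firewall time="2009-05-12 10:15:02" msg="IPS Detection Alert: ICMP Echo Reply" src=198.51.100.7 dst=192.0.2.20',
    '<134>id=firewall time="2009-05-12 10:15:03" msg="Web management request allowed" src=192.0.2.20 dst=192.0.2.1',
    '<129>id=firewall time="2009-05-12 10:15:04" msg="IPS Detection Alert: ICMP Echo Reply" src=198.51.100.7:0:X1 dst=192.0.2.20:0:X0',
]

if __name__ == "__main__":
    # Hypothetical test: 192.0.2.20 pinged 198.51.100.7 across the UTM device.
    alerts = find_echo_reply_alerts(SAMPLE_LOG, "192.0.2.20", "198.51.100.7")
    for a in alerts:
        print(a["time"], a["msg"], a["src"], "->", a["dst"])
    print("IPS test", "PASSED" if alerts else "FAILED: no Echo Reply entry logged")
```

An empty result after a successful ping means the reply was not logged, which points back to the Attacks category settings in step 4.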
Optional Subtask: Complete the Setup of the IPS
In the preceding instructions for configuring the SonicWALL PRO Series UTM device, you set
it up to function as an IPS. When the device is used as an IPS, it operates in inline mode in the
network. Traffic flows through the device until it detects a virus or other threat. Then, it takes
whatever action you have configured, typically blocking traffic from the attacker and sending
a notification to NIM. In this way, the UTM device can prevent malicious traffic from reaching
sensitive areas of your network, and NIM can act on the source of the malicious traffic.
The sample network in Figure 3-112 illustrates the IPS setup procedure. (This is the same
diagram that is shown at the beginning of the SonicWALL section.) In this network, a UTM
device acting as an IPS is placed inline to protect the servers in a data center from attacks.