Manualshelf

HP ProCurve Threat Management Solution Implementation Guide 2009-05

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
261262263264265266267268269270
4-55
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 2: Detect Threats
Subtask: Enable IPS. IPS is disabled by default. To enable IPS and configure the way it scans
traffic, complete the following steps:
1. In the PCM+ navigation tree, right-click the TMS zl Module.
2. In the menu that is displayed, click TMS-IPS > Settings. The Settings window is displayed.
3. Select IPS Status and then Enable IPS.
Figure 4-43. PCM+ Settings Window (for TMS zl Module)
4. Select a Signature Preferences (Full Inspection: best security effectiveness) setting.
The IDS/IPS engine can be configured to perform either optimized session inspection or
full-session inspection. When configured for optimized session inspection, the IDS/IPS
engine will inspect a sample of the traffic for a given session. This will increase the
performance of the TMS zl Module; however, because less traffic is subject to IDS/IPS
inspection, it might reduce the detection rate of some signatures.
Conversely, configuring the TMS zl Module for full-session inspection means that all traffic
through the TMS zl Module for a given session is subject to IDS/IPS inspection. This will
increase the effectiveness of some signatures; however, the throughput of the module will
be lower by comparison to optimized session inspection.
5. Select Save Configuration.
6. Click OK.
After you have finished configuring the TMS zl Module, you can begin to configure alerts,
actions, and NIM policies. Continue with “Task: Configure ProCurve Security Devices Alerts”
on page 4-70.