HP ProCurve Threat Management Solution Implementation Guide 2009-05
4-69
HP ProCurve Network Immunity Manager with HP ProCurve Security Devices
Step 2: Detect Threats
Subtask: Configure IDS Signature Preferences. The module’s IDS engine can be config-
ured to perform either optimized session inspection or full-session inspection. When config-
ured for optimized session inspection, the IDS/IPS engine will inspect a sample of the traffic
for a given session. This will increase the performance of the TMS zl Module; however, because
less traffic is subject to IDS inspection, it might reduce the detection rate of some signatures.
Conversely, configuring the TMS zl Module for full-session inspection means that all traffic
through the TMS zl Module for a given session is subject to IDS inspection. This will increase
the effectiveness of some signatures; however, the throughput of the module will be lower by
comparison to optimized session inspection.
To configure the IDS signature preference, complete the following steps:
1. In the PCM+ navigation tree, right-click the TMS zl Module.
2. In the menu that is displayed, click TMS-IPS > Settings. The Settings window is displayed.
Notice that the IPS Status settings are grayed out. This is because IDS is always enabled
when the TSM zl Module runs in monitor mode.
Figure 4-48. PCM+ Settings Window (for TMS zl Module)
3. Select a Signature Preferences (Full Inspection: best security effectiveness) setting.
4. Select Save Configuration.
5. Click OK.
After you have finished configuring the TMS zl Module, you can begin to configure alerts,
actions, and NIM policies. Continue with “Task: Configure ProCurve Security Devices Alerts”
on page 4-70.