Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
131132133134135136137138139140
125
Configuring IDS collaboration
The firewall device can collaborate with only Venusense IDS devices.
IDS collaboration can be configured only in the Web interface.
IDS collaboration overview
Figure 107 Network diagram for IDS collaboration
As shown in Figure 107, IDS collaboration is introduced for firewalls to work with an Intrusion detection
system (IDS) device. The collaboration process occurs:
1. The IDS device examines network traffic for attacks.
2. When the IDS device detects an attack, it sends an SNMP trap message to the firewall device. The
trap message might carry attack information such as source IP address of the attacker, target IP
address to be attacked, source port and destination port.
3. When a firewall with IDS collaboration enabled receives the trap message, it retrieves the attack
information, generates a blocking entry, and blocks subsequent traffic from the source.
Enabling IDS collaboration
1. From the navigation tree, select Intrusion Detection > IDS Collaboration.
The IDS collaboration configuration page appears.
Figure 108 Enable IDS collaboration
2. Select the Enable IDS Collaboration box.
3. Click Apply.
Configuration guidelines
When you configure IDS collaboration, follow these guidelines:
Both the firewall devices and IDS devices must support and have SNMPv2c configured.