HP VPN Firewall Appliances Attack Protection Configuration Guide
158
Hardware Protocol audit com
p
atibilit
y
Firewall modules No
U200-A/U200-M/U200-CA Yes
U200-S/U200-CS/U200-CM Yes
Overview
You can configure protocol audit to audit the following protocols:
• HTTP—Audits the URI that users have accessed and the host field.
• SMTP and POP3—Audits receivers (including recipients, CC recipients, and BCC recipients),
senders, and subjects of the mails that are sent or received through SMTP or POP3.
• FTP—Audits information of the file that users upload or download, such as the file name.
Protocol audit supports outputting logs only to remote log hosts.
Recommended configuration procedure
Ste
p
Remarks
1. Configuring protocol audit log
output parameters
Required.
Configure the device to send protocol audit logs to remote log hosts.
For this function to work, navigate to page Log Report > Syslog to
specify the remote log host addresses (see System Management and
Maintenance).
By default, logs are not sent to remote log hosts.
2. Creating a protocol audit policy
Required.
No protocol audit policy exists by default.
3. Applying a protocol audit policy
Required.
No protocol audit policy is applied by default.
Configuring protocol audit log output parameters
1. Select Advanced Security Prevention > Protocol Audit from the navigation tree.
The Protocol Audit Policies tab is displayed, as shown in Figure 136.