Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
31323334353637383940
31
d. Set the scanning threshold to 4500.
e. Select Add the source IP to the blacklist.
f. Click Apply.
Figure 39 Configuring scanning detection for the untrusted zone
Verifying the configuration
Select Intrusion Detection > Blacklist from the navigation tree to view manually added blacklist entries.
The firewall discards all packets from Host D before you remove the blacklist entry for the host. If the
firewall receives packets from Host C, the firewall discards all packets from Host C within 50 minutes.
After 50 minutes, the firewall forwards packets from Host C correctly.
The firewall outputs an alarm log and adds the IP address to the blacklist when detecting a scanning
attack from the untrusted zone. You can select Intrusion Detection > Blacklist from the navigation tree to
view the blacklist entry automatically added by scanning attack protection.
Displaying intrusion detection statistics
1. From the navigation tree, select Intrusion Detection > Statistics to enter the intrusion detection
statistics page, as shown in Figure 40.
2. Select a zone to view the counts of attacks and the c
ounts of dropped packets in the security zone.
Descriptions of attack types are shown in Table 12.