TMS zl Management and Configuration Guide ST.1.0.090213

Intrusion Detection and Prevention
Threat Detection and Prevention
Figure 6-3. IDS/IPS Packet Flow in Routing Mode
Routing Mode
A packet that is routed to the TMS zl Module in routing mode is passed first
to the firewall, then to the IDS. If the IDS does not detect a threat, it returns
the packet to the firewall, which sends it to its destination. If the IDS does detect
a threat, it creates a log entry, and then the IPS determines what action to take:
allow the traffic, block the traffic (drop the packets), or terminate the session.
Again, because the IPS receives packets from the firewall, it depends on the
firewall session. If the firewall runs out of sessions, the IPS will drop packets.
For more information about monitor mode compared to routing mode, see
“Operating Modes” in Chapter 1: “Overview.”
The TMS zl Module performs three types of intrusion detection:
Traffic anomaly
Protocol anomaly
Signature