Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
841842843844845846847848849850
A-47
Threat Management Services zl Module Command-Line Reference
Global Configuration Context
Table A-15. IP Reassembly Options
ips
This command configures your Intrusion Prevention System (IPS). With this
command you can configure the following IPS features:
Threat mitigation (according to threat-level) (Routing mode only)
Signatures
IPS web-proxy
Protocol anomaly settings (Routing mode only)
Inspection options
To enable or disable the IPS, enter the following command:
Syntax: ips [ enable | disable ]
ips threat-level
In routing mode, when the TMS zl Module detects a threat, it can terminate
the session, block the packets, or allow the packets depending on threat level.
For example, you can terminate sessions for threats classified as critical while
allowing packets associated with threats classified as information.
To configure IPS threat mitigation according to threat level, enter the
following:
Syntax: ips threat-level < critical | severe | minor | warning | information > < terminate
| block | allow >
Extended Command Option Purpose
max-ip-messages <maximum messages> Specifies the maximum number of allowed IP messages
to be held in buffer (1-50000)
max-fragment-count <maximum fragments> Specifies the maximum number of allowed IP fragments
to be held in buffer (1–65535)
max-packet-size <maximum size> Specifies the maximum size of the original, or
reassembled, packet in bytes (1–65535)
min-fragment-size <minimum size> Specifies the minimum size of the packet fragments in
bytes (1–65535)
timeout <seconds> Specifies the number of seconds until an unsuccessful
reassembly times out (11-120)