TMS zl Management and Configuration Guide ST.1.1.100430
Intrusion Detection and Prevention
Configure IDS/IPS
Configure IPS Actions (Routing Mode Only)
Each signature or protocol anomaly is pre-assigned one of five threat levels:
■ Critical
■ Severe
■ Minor
■ Warning
■ Informational
You can configure the TMS zl Module to take one of three actions on traffic
that matches a specific IPS threat level.
Note: These actions apply to threats detected by signatures. The action taken in
response to protocol anomalies is set at the factory and cannot be changed.
■ Terminate the session—The TMS zl Module closes the session with the
offending traffic. It drops all traffic that is associated with the session.
For example, if the threat was detected in an HTTP session to a private
server, the offender is blocked from sending any traffic to that server on
the HTTP port. No TCP reset or similar message is returned.
■ Block the packet—The TMS zl Module drops the offending traffic so that
it does not reach the intended target. However, other traffic within the
session is allowed.
■ Allow the packet (log)—The TMS zl Module allows the packet to
proceed to its destination but logs the threat.
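The difference between the three actions is easiest to see on a packet stream. The following Python model is an added illustration, not code from the TMS zl Module or this guide; the policy mapping, the session key of (source, server, server port) and the sample addresses are assumptions made for the example.

```python
# Added illustration: a toy model of the three IPS actions, not TMS zl code.
TERMINATE, BLOCK, ALLOW_LOG = "terminate", "block", "allow-log"

# Constructed policy: the level-to-action mapping is the operator's choice;
# these are example values, not product defaults.
POLICY = {
    "Critical": TERMINATE,
    "Severe": TERMINATE,
    "Minor": BLOCK,
    "Warning": ALLOW_LOG,
    "Informational": ALLOW_LOG,
}


class IpsModel:
    def __init__(self, policy):
        self.policy = policy
        self.terminated = set()  # sessions closed by a "terminate" action
        self.log = []            # threats recorded by "allow (log)"

    def handle(self, session, level=None):
        """Return 'forward' or 'drop' for one packet; level is the threat
        level of the signature it matched, or None for clean traffic."""
        if session in self.terminated:
            return "drop"  # silent drop: no TCP reset goes back
        if level is None:
            return "forward"
        action = self.policy[level]
        if action == TERMINATE:
            self.terminated.add(session)
            return "drop"
        if action == BLOCK:
            return "drop"  # only this packet; the session stays open
        self.log.append((session, level))
        return "forward"


def run(packets, policy=POLICY):
    """Feed (session, level) pairs through the model; return verdicts and log."""
    ips = IpsModel(policy)
    return [ips.handle(s, lvl) for s, lvl in packets], ips.log


# Constructed sample traffic (documentation address ranges).
WEB = ("198.51.100.7", "10.0.0.5", 80)
SSH = ("198.51.100.7", "10.0.0.5", 22)
SAMPLE = [(WEB, None), (WEB, "Minor"), (WEB, None), (WEB, "Warning"),
          (WEB, "Critical"), (WEB, None), (SSH, None)]
```

Calling `run(SAMPLE)` shows that a blocked packet leaves the rest of the session intact, while a terminated session drops every later packet to that server port without affecting the same source's traffic to another port.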
To configure IPS actions, follow these steps:
1. Click Intrusion Protection > Settings > Actions.