TMS zl Module Release Notes ST.1.2.101122

Software Management
Enhancements
The IPS engine classifies traffic as client-initiated or server-initiated. You can independently set
the inspection depth values, in bytes, for client-to-server and server-to-client traffic. This means
that you can tune the IPS inspection depth to values suited to your deployment. For example,
if your environment warrants greater scrutiny of client-initiated traffic, you can
set a larger inspection depth value for client-to-server traffic.
The inspection depth can be set anywhere from 1 byte to roughly 2 GB (2147483647 bytes); a
value of 0 (zero) indicates "full inspection" for the specified type of traffic (client-initiated or
server-initiated).
For example:
(config)# ips inspection-depth 0 1024
This command sets "full inspection" (no limit) on the client-to-server traffic, and a 1024
byte inspection limit on the server-to-client traffic.
Please note that the ips full-inspection command overrides this setting. When full inspection is
enabled, both the client-to-server and server-to-client values are set to 0 (zero). Similarly, if full
inspection is disabled, both client-to-server and server-to-client values are set to their default
values, 1024 bytes.
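The following audit sketch is an added example, not code from the release notes or from the vendor: it replays a list of commands and reports which traffic directions end up with a byte limit, including the case where toggling full inspection discards a tuned value. It assumes commands take effect in the order given, that the starting state is the 1024 byte default, and that full inspection is disabled with a "no" prefix (a syntax the release notes do not show).

```python
import re

DEFAULT_DEPTH = 1024       # default value stated in the release notes
MAX_DEPTH = 2147483647     # upper bound stated in the release notes
FULL = 0                   # 0 means "full inspection" for that direction

DEPTH_RE = re.compile(r"^ips inspection-depth (\d+) (\d+)$")

def effective_depths(commands):
    """Replay commands in order; return (client_to_server, server_to_client)."""
    c2s = s2c = DEFAULT_DEPTH              # assumed starting state
    for raw in commands:
        line = raw.strip()
        if line.startswith("(config)#"):   # tolerate a pasted CLI prompt
            line = line[len("(config)#"):].strip()
        m = DEPTH_RE.match(line)
        if m:
            values = [int(v) for v in m.groups()]
            if any(v > MAX_DEPTH for v in values):
                raise ValueError(f"inspection depth out of range: {line!r}")
            c2s, s2c = values
        elif line == "ips full-inspection":
            c2s = s2c = FULL               # override: both directions unlimited
        elif line == "no ips full-inspection":   # assumed disable syntax
            c2s = s2c = DEFAULT_DEPTH      # disabling resets both to default
    return c2s, s2c

def limited_directions(commands):
    """List the directions whose inspection stops at a byte limit."""
    c2s, s2c = effective_depths(commands)
    report = []
    for name, depth in (("client-to-server", c2s), ("server-to-client", s2c)):
        if depth != FULL:
            report.append(f"{name}: inspection limited to {depth} bytes")
    return report

# Constructed sample: the command from the release notes, then a toggle of
# full inspection that silently discards the tuned client-to-server value.
SAMPLE = [
    "(config)# ips inspection-depth 0 1024",
    "(config)# ips full-inspection",
    "(config)# no ips full-inspection",
]

if __name__ == "__main__":
    print(effective_depths(SAMPLE[:1]), limited_directions(SAMPLE[:1]))
    print(effective_depths(SAMPLE), limited_directions(SAMPLE))
```

After the toggle in the sample, both directions are back at 1024 bytes, so a previously tuned depth has to be reapplied.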
Logging Administrative Changes
Log messages were added to track administrative changes to the TMS module
(PR_44476 - Add log messages for the following administrative changes):
Creating/deleting/modifying access policy address groups
Deleting a service object
Adding/modifying/deleting service group
Adding/modifying/deleting firewall access policy schedule
Modifying firewall setting for attack checking, policy order
Changing enable/disable state of ALGs
Deleting a firewall connection reservation
Changing the firewall connection timeout values
Adding/modifying/deleting a custom firewall protocol connection timeout
Enabling/disabling IP reassembly or modifying values
Adding/deleting port maps
Enabling/disabling protocol anomaly detection
Changing actions for IPS threat levels
Updating bytes inspected in packet
Changing protocol anomaly settings