Configuring ids collaboration, Feature and hardware compatibility, Overview – H3C Technologies H3C SecPath F1000-E User Manual

Page 47: Enabling ids collaboration

Advertising

Configuring IDS collaboration

Feature and hardware compatibility

Feature F1000-A-EI/E-SI/S-AI

F1000-E

F5000-A5 Firewall

module

IDS collaboration

Yes

NOTE:
•

The firewall device can collaborate with only Venusense IDS devices.

•

The IDS collaboration configuration is available only in the web interface.

Overview

IDS collaboration is introduced for firewalls to work with an Intrusion detection system (IDS) device. As

shown in

Figure 47

, the collaboration process occurs:

The IDS device examines network traffic for attacks.

When the IDS device detects an attack, it sends an SNMP trap message to the firewall device. The
trap message may carry attack information such as source IP address of the attacker, target IP
address to be attacked, source port and destination port.

When a firewall with IDS collaboration enabled receives the trap message, it retrieves the attack
information, generates a blocking entry, and blocks subsequent traffic from the source.

Figure 47 Network diagram for IDS collaboration

Enabling IDS collaboration

Select Intrusion Detection > IDS Collaboration from the navigation tree to enter the page for enabling IDS

collaboration, as shown in

Figure 48

. Select the Enable IDS Collaboration box, and click Apply.

Advertising

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS

Popular Brands

Popular manuals