Configuring ids collaboration, Feature and hardware compatibility, Overview – H3C Technologies H3C SecPath F1000-E User Manual
Page 47: Enabling ids collaboration
39
Configuring IDS collaboration
Feature and hardware compatibility
Feature F1000-A-EI/E-SI/S-AI
F1000-E
F5000-A5 Firewall
module
IDS collaboration
Yes
Yes
Yes
No
NOTE:
•
The firewall device can collaborate with only Venusense IDS devices.
•
The IDS collaboration configuration is available only in the web interface.
Overview
IDS collaboration is introduced for firewalls to work with an Intrusion detection system (IDS) device. As
shown in
, the collaboration process occurs:
1.
The IDS device examines network traffic for attacks.
2.
When the IDS device detects an attack, it sends an SNMP trap message to the firewall device. The
trap message may carry attack information such as source IP address of the attacker, target IP
address to be attacked, source port and destination port.
3.
When a firewall with IDS collaboration enabled receives the trap message, it retrieves the attack
information, generates a blocking entry, and blocks subsequent traffic from the source.
Figure 47 Network diagram for IDS collaboration
Enabling IDS collaboration
Select Intrusion Detection > IDS Collaboration from the navigation tree to enter the page for enabling IDS
collaboration, as shown in
. Select the Enable IDS Collaboration box, and click Apply.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS