Lst1ips1a1 card configuration, Configuration overview, From internal network to external network – H3C Technologies H3C SecBlade IPS Cards User Manual

44

Figure 29 Create a segment

NOTE:

When creating a segment, you need to select the internal zone, external zone and the internal interface.

Figure 30 Configure the segment

LST1IPS1A1 Card Configuration

NOTE:

The LST1IPS1A1 card is only for the S12500 switches.

Configuration Overview

The switch and the SecBlade IPS card are connected through internal 10GE interfaces. With OAA

configured, the switch redirects traffic to the SecBlade IPS card through its 10GE interface automatically.

After processing the traffic, the SecBlade IPS card sends the traffic back to the switch through its internal

10GE interface, and the switch forwards the traffic. The detailed data forwarding process is as follows.

From internal network to external network

1.

Packets from the internal network enter the switch.

2.

The switch redirects the packets to the SecBlade IPS card.

3.

The SecBlade IPS card processes the packets, and then forwards them back to the switch.

4.

The switch forwards the packets out its external network interface.

From external network to internal network

1.

Packets from the external network enter the switch.

2.

The switch redirects the packets to the SecBlade IPS card.

3.

The SecBlade IPS card processes the traffic, and then forwards them back to the switch.