Ips configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecBlade IPS Cards User Manual

14-11

Item

Description

Status

Set the status for a rule category.

z

Default means to keep the default status of all rules of the category.

z

Enable means to set the status of all rules of the category to Enable.

z

Disable means to set the status of all rules of the category to Disable.

Rule
Details

Action Set

Set the action set for a rule category.

z

Default means to keep the default action set of all rules of the category.

z

A specific action set applies to all rules of the category.

Segment ID

ID of the segment to which the IPS policy applies

Available segments are those configured on the page you enter by selecting System
Management > Network Management > Segment Configuration.

Internal Zone

Display the name of the internal zone and port members of the segment.

External Zone

Display the name of the external zone and port members of the segment.

Direction

Apply the policy from internal zone to external zone, from external zone to internal
zone, or both.

After the above configurations, click Apply & Activate to activate the configurations, or click Apply to

save the configurations, which you can activate later.

IPS Configuration Example

Network requirements

z

Apply the policy to the outbound direction of segment 0.

z

Create an IPS policy named RD on Device, copy the rules of the default policy Attack Policy, and

then modify the rule named 150999021 by enabling the rule and changing the action set to

Block+Notify.

Figure 14-11 Network diagram for IPS configuration

Configuration procedure

# Create IPS policy RD.