12 action management, Action management overview, Configuring action management – H3C Technologies H3C SecBlade IPS Cards User Manual

12 Action Management

Action Management Overview

The action management module manages actions and action sets. An action set is a group of actions that can be applied in IPS, bandwidth, and URL policies to configure the actions taken on matching packets. The actions include block actions and notify actions.

• Block action: blocks and isolates the attack packets once an attack is detected. It is suitable for IPS, bandwidth management, and URL filtering.

• Notify action: sends notification messages once an attack is detected. It can be applied to IPS, bandwidth management, and URL filtering.

Configuring Action Management

Configuration Task List

Follow the steps in Table 12-1 to configure action management:

Table 12-1 Action management configuration task list

Task: Creating an action (Creating a Block Action, Creating a Notify Action)
Description: Required. Use either operation. Create a block action or notify action, and configure the action.
• By default, a block action named Block exists.
• By default, a notify action named Notify exists.

Task: Creating an Action Set
Description: Optional. Create an action set and configure the actions in it. By default, a system-defined action set exists, as shown in Figure 12-5. The system-defined action set varies by device.

Task: Uploading Packet Trace Files
Description: Optional. You can upload the trace files generated by the packet trace action to the TFTP server. With the IP address of the TFTP server configured, the system uploads the trace files to the TFTP server at a specified upload time. The system also checks the disk partitions at certain times. When the partition usage reaches the threshold, the system automatically uploads the packet trace files, starting from the oldest ones, until the usage falls back into the normal range.

If the specified TFTP server is not reachable, or the server is reachable but the TFTP service is not enabled, the upload fails, and the system removes the trace file if the partition usage reaches the threshold.
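
A monitoring check for the failure mode in the last table row, added here as an example and not taken from the H3C manual: it sends a TFTP read request (RFC 1350) to the configured server and separates "host answers but no TFTP service" and "host unreachable" (both give no reply) from a running service. The probe filename is a hypothetical name, and a reply shows only that the service answers, not that uploads from the IPS card are permitted.

```python
import socket
import struct
import sys

OP_RRQ, OP_DATA, OP_ERROR = 1, 3, 5  # TFTP opcodes (RFC 1350)

def build_rrq(filename: str, mode: str = "octet") -> bytes:
    """Read request: opcode 1, then NUL-terminated filename and mode."""
    return (struct.pack("!H", OP_RRQ) + filename.encode("ascii") + b"\0"
            + mode.encode("ascii") + b"\0")

def classify_reply(pkt: bytes) -> str:
    """Any well-formed DATA or ERROR packet proves a TFTP service answered."""
    if len(pkt) < 4:
        return "malformed"
    opcode, code = struct.unpack("!HH", pkt[:4])
    if opcode == OP_ERROR:
        msg = pkt[4:].split(b"\0", 1)[0].decode("ascii", "replace")
        return f"service-up (error {code}: {msg})"
    if opcode == OP_DATA:
        return "service-up (data returned)"
    return "malformed"

def probe_tftp(host: str, port: int = 69, timeout: float = 2.0,
               retries: int = 2, filename: str = "ips-trace-probe.none") -> str:
    """Return 'service-up ...', 'malformed' or 'no-response' (IPv4 only).

    The filename is a hypothetical name that should not exist, so a healthy
    server normally answers with ERROR 1 (file not found).
    """
    rrq = build_rrq(filename)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(retries + 1):
            try:
                s.sendto(rrq, (host, port))
                pkt, _addr = s.recvfrom(2048)  # reply comes from the server's transfer port
                return classify_reply(pkt)
            except OSError:  # timeout, ICMP unreachable, no route
                continue
    return "no-response"

if __name__ == "__main__":
    # Usage: python tftp_probe.py <tftp-server-ip>; exit status 1 means alert.
    result = probe_tftp(sys.argv[1])
    print(result)
    sys.exit(0 if result.startswith("service-up") else 1)
```

Run it on a schedule from a host on the same network path as the IPS card, so that a non-zero exit is noticed before partition usage reaches the threshold and trace files are removed.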