
Intrusion detection, Blacklist, Configuration guide – H3C Technologies H3C SecCenter Firewall Manager User Manual

Page 103: Figure 98


Figure 98 Apply an interzone policy to devices

Intrusion detection

The intrusion detection module provides configuration of blacklist entries and packet inspection profiles on firewall devices to identify and filter network traffic that travels through them. The blacklist entries and packet inspection profile help you analyze the packets and define protection measures against attacks.

Blacklist

Blacklist is an attack prevention mechanism that filters packets based on source IP address. The blacklist feature is fast in filtering packets sourced from particular IP addresses.

The device supports adding and removing blacklist entries manually. Manually configured blacklist entries fall into two categories: permanent and non-permanent. A permanent blacklist entry is always present unless it is removed manually, whereas a non-permanent blacklist entry has a limited lifetime depending on your configuration. When the lifetime of a non-permanent entry expires, the device removes the entry from the blacklist, allowing packets of the IP address defined by the entry to pass through.
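The following Python model of the permanent and non-permanent entry behavior described above is an added example, not H3C code or the device's implementation. The `Blacklist` class, the lifetime unit (seconds), and removing an expired entry at the moment a packet is checked are assumptions made for illustration; the addresses are constructed documentation addresses.

```python
import ipaddress
import time


class Blacklist:
    """Model of a source-IP blacklist with permanent and aging entries."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock      # injectable clock so expiry can be exercised
        self._entries = {}       # address -> expiry time, or None if permanent

    def add(self, ip, lifetime=None):
        """Add an entry. lifetime is in seconds (assumed unit); None = permanent."""
        addr = ipaddress.ip_address(ip)          # rejects malformed addresses
        if lifetime is not None and lifetime <= 0:
            raise ValueError("lifetime must be positive")
        self._entries[addr] = None if lifetime is None else self._clock() + lifetime

    def remove(self, ip):
        """Manual removal: the only way a permanent entry leaves the list."""
        addr = ipaddress.ip_address(ip)
        if addr in self._entries:
            del self._entries[addr]
            return True
        return False

    def permits(self, src_ip):
        """Return True if a packet with this source address may pass."""
        addr = ipaddress.ip_address(src_ip)
        if addr not in self._entries:
            return True
        expiry = self._entries[addr]
        if expiry is not None and self._clock() >= expiry:
            del self._entries[addr]              # lifetime over: entry removed
            return True
        return False


def demo():
    """Constructed scenario: one permanent entry and one 60-second entry."""
    now = [0.0]
    bl = Blacklist(clock=lambda: now[0])
    bl.add("192.0.2.10")                   # permanent
    bl.add("198.51.100.7", lifetime=60)    # non-permanent
    results = []
    for t in (0, 59, 60, 3600):
        now[0] = float(t)
        results.append((t, bl.permits("192.0.2.10"), bl.permits("198.51.100.7")))
    return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

In the model, the permanent entry still blocks at every checked time, while the 60-second entry stops blocking once its lifetime has elapsed, so the same source is filtered again only if the entry is re-added.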

Configuration guide

From the navigation tree of the firewall management component, select Blacklist under Intrusion Detection to enter the blacklist page, as shown in Figure 99. Table 98 describes the blacklist management functions.