HP Firewall manual Attack events monitoring, Snapshot of events

Firewall management

The Firewall Manager enables centralized management of the firewall devices in the network, centralized event collection and analysis, real-time monitoring, event snapshots, comprehensive analysis, event details, and log auditing. It also provides a wide range of reports, which can be exported periodically.

To access the firewall management component, select the Firewall tab. You can then perform the following tasks:

Attack events monitoring

Event analysis

Event auditing

Security policy management

Firewall device management

Attack events monitoring

The firewall management component supports centralized monitoring of security events. It can collect and report attack events in real time, and provide the snapshot information based on firewall devices and events.

Snapshot of events

The event snapshot presents the attack protection information for the last hour, including the time, the total number of events, the number of blocked events, source and destination addresses, and event types. It also provides TopN lists of attack events, attack destination IP addresses and ports, attack sources, and attack protocols, so that you can track the latest security status of the network at a glance.
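
As an added illustration (not taken from the HP manual or from Firewall Manager itself), the following Python code builds the same kind of last-hour snapshot from event records exported elsewhere. The record fields, event names, and addresses are constructed assumptions, not the product's log format.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample records. Field names, event names and addresses are
# assumptions for this example, not the Firewall Manager log format.
FIELDS = ("time", "type", "src", "dst", "dport", "proto", "blocked")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("2024-05-01T08:30:00", "Scan", "198.51.100.7", "192.0.2.10", 22, "TCP", True),
    ("2024-05-01T09:05:00", "Scan", "198.51.100.7", "192.0.2.10", 22, "TCP", True),
    ("2024-05-01T09:20:00", "SYN Flood", "203.0.113.5", "192.0.2.20", 80, "TCP", True),
    ("2024-05-01T09:21:00", "SYN Flood", "203.0.113.5", "192.0.2.20", 80, "TCP", False),
    ("2024-05-01T09:40:00", "UDP Flood", "203.0.113.9", "192.0.2.20", 53, "UDP", True),
    ("2024-05-01T09:55:00", "SYN Flood", "198.51.100.7", "192.0.2.20", 80, "TCP", True),
]]


def top_n_list(events, key, n):
    """Return the n most frequent key values as (value, count) pairs.

    Ties are broken by the string form of the value so the order is stable.
    """
    counts = Counter(key(e) for e in events)
    return sorted(counts.items(), key=lambda kv: (-kv[1], str(kv[0])))[:n]


def event_snapshot(events, now, top_n=10, window=timedelta(hours=1)):
    """Summarise the events that fall in the window ending at `now`."""
    start = now - window
    recent = [e for e in events
              if start < datetime.fromisoformat(e["time"]) <= now]
    return {
        "from": start,
        "to": now,
        "total": len(recent),
        "blocked": sum(1 for e in recent if e["blocked"]),
        "top_events": top_n_list(recent, lambda e: e["type"], top_n),
        "top_destinations": top_n_list(recent, lambda e: (e["dst"], e["dport"]), top_n),
        "top_sources": top_n_list(recent, lambda e: e["src"], top_n),
        "top_protocols": top_n_list(recent, lambda e: e["proto"], top_n),
    }


if __name__ == "__main__":
    snapshot = event_snapshot(SAMPLE_EVENTS, datetime(2024, 5, 1, 10), top_n=2)
    for name, value in snapshot.items():
        print(f"{name}: {value}")
```

A gap between the total and blocked counts is the first thing to check in such a summary, because it marks events that were detected but not stopped.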

Configuration guide

From the navigation tree of the firewall management component, select Snapshot of Events under Events Monitor to enter the event snapshot page, as shown in Figure 42.


Firewall specifications

HP Firewall, often positioned as a key component in enterprise network security, is designed to protect sensitive data and maintain secure communications across various environments. The primary role of a firewall is to monitor incoming and outgoing network traffic and make decisions based on a set of security rules. HP Firewalls utilize a combination of hardware and software to create a robust security framework that helps organizations manage their network perimeter effectively.

One of the main features of HP Firewall is its advanced security protocols that provide deep packet inspection. This technology scrutinizes packet contents beyond the header information, analyzing data flows for signs of malicious activity. By employing stateful inspection, HP Firewalls maintain a state table that logs active connections, allowing the firewall to evaluate packets in the context of established sessions. This helps optimize resource usage while delivering high-performance security.

Another characteristic of HP Firewall is its integration with HP's broader security ecosystem. By working seamlessly with other HP security products, such as HP Secure Access and HP Advanced Malware Protection, organizations can deploy a multi-layered security strategy. This integration enables centralized management, streamlining security policies and improving response times against threats.

HP Firewalls also feature next-generation capabilities. These include intrusion prevention systems (IPS) that actively monitor network traffic for suspected threats and automatically take action to block potential breaches. Additionally, these firewalls come with application awareness features, allowing organizations to enforce policies based on specific applications rather than only on port or protocol. This granularity improves control over bandwidth use while mitigating risks from unwanted applications.

Furthermore, HP Firewall models are equipped with user identity management, allowing organizations to apply security policies based on user roles and the specific needs of the business. This significantly improves the overall security posture as it adds another layer of control.

Scalability is a notable characteristic of HP Firewalls, making them suitable for both small businesses and large enterprises. Organizations can expand their security infrastructure as needed while maintaining efficiency.

In summary, HP Firewalls deliver advanced security features, scalability, and seamless integration within the HP security ecosystem. Their emphasis on deep packet inspection, real-time monitoring, and user identity management makes them a powerful asset in the defense against cyber threats, ensuring that organizations can protect their critical data and maintain the integrity of their network environments.