HP Firewall manual Attack event details Event details query options

Page 52

Figure 47 Attack event details

Table 54 Event details query options

Option

Description

 

Select a device, a device group, or All devices from the Device drop-down list. The system

 

will display the relevant event information. All devices and device groups that are under

 

your management will appear in the drop-down list.

Device

IMPORTANT:

If you select a device group, the system will display the event information (matching the

 

 

filter) of all firewall devices in the device group in the specified statistics duration.

 

If you select a device name, the system will display the event information (matching the

 

filter) of the firewall device in the specified statistics duration.

 

 

Filter

Select a filter from the drop-down list to filter attack events.

 

 

Duration

Select the statistics duration. You can select Day, Week, or Month, or select Customize to

specify a statistics duration.

 

 

 

Time

Select the statistics time, whose value range varies with the statistics duration selected.

 

 

Event

Select an attack event type to query the specified type of attack events

 

 

Protocol

Select the attack protocol. The default is --, which means any protocol.

 

 

Severity

Select the attack severity. The default is --, which means any severity.

 

 

Src IP

Specify the attack source IP address.

 

 

Dest IP

Specify the attack destination IP address.

 

 

Dest Port

Specify the attack destination port.

 

 

Grouping by

Select a grouping mode. The system supports seven grouping modes: None, Event, Src IP,

Dest IP, Src IP and Dest IP, Dest Port, and Protocol.

 

 

 

48

Image 52
Contents HP A-IMC Firewall Manager Page Contents Page Introduction to HP A-IMC Firewall Manager What HP A-IMC Firewall Manager can doInstalling the firewall manager Registering the firewall managerUninstalling the firewall manager Register your licenseDevice management Operator management System configuration Device managementManaging devices Device managementFunction Description Device query optionOption Description Fields of the device listAdd a device Device configuration items Return to Device management functionsTelnet Password, Snmp Version, Community String for Reading, Device information Device software management Fields of the device software listDeploying software to devices Deploying software to devicesRequired Task Name Software backup result Return to Device software management functionsDevice config management Fields of the software backup result listBacking up configuration files Restoring a configuration fileFields of the device configuration management list Backing up configuration filesDevice configuration information management interface Fields of the configuration label list Running ConfigTab Description LabelCompare two configuration files Fields of the running configuration list Draft list Fields of the draft listManaging batch import Configuration guideManaging device groups Device group list Adding a device groupDevice group management functions Fields of the device group listManaging events Device event listDevice event query options OptionDevice interface event list Fields of the device event listDevice interface event query options OptionDescriptionManaging device access templates Template listFields of the template list Return to Template management functionsAdd a template Template configuration items Adding a templateManaging the device software database Importing device software Device software database query optionFields of the device software database list Importing device softwareDeployment task query option Managing deployment tasksFields of the deployment task list Operator management Managing operatorsUser levels and the rights User level RightsOperator list Adding an operatorOperator management functions Function Description Fields of the operator listOperator configuration items Managing operation logsFields of the operation log list Changing your login passwordItemDescription Configuring system parameter System configurationConfiguring management ports Configuring the mail server Configure the mail server Mail server configuration itemsManaging filters Filter listFields of the filter list Filter listFieldDescription Adding a filterReturn to Filter management functions Managing Ldap servers Ldap server listLdap server list Adding an Ldap serverFields of the Ldap server list Adding an Ldap serverReturn to Ldap server management functions Managing log retention time Monitoring the disk spaceActual free disk space is lower than this value Managing subsystems Free disk space monitoringAdding a subsystem Subsystem information Fields of the subsystem listPage Attack events monitoring Snapshot of eventsSnapshot of events Event snapshot query options Fields in the event snapshot listsRecent events list Fields of the recent events listDevice monitoring Event analysisEvent overview Are under your management will appear in the drop-down list Event details Top 10 attack events contrast graphAttack event details Event details query options Report exporting management Fields of the attack event details listReport export file list Fields of the report export task listReport export task management functions Report export file listAdding a report export task Event auditingReturn to Report export task management functions Inter-zone access log auditing Abnormal traffic log auditingBlacklist log auditing Operation log auditingOther log auditing Operation log auditingNAT log auditing Mpls log auditingSecurity zones Security policy managementSecurity zone list Security zone list Adding a security zoneFields of the security zone list Return to Security zone management functionsSecurity zone configuration item Time rangesImporting security zones from a device Time range listTime range list Adding a time rangeFields of the time range list Return to Time range management functionsPredefined services ServicesFields of the predefined service list User-defined services Return to Service management functionsType a name for the user-defined service Service groups Service group management Fields of the service group listAdd a service group Service group configuration items Host addresses IP addressesFields of the host address list Add a host address Host address configuration items Address ranges Address range management Fields of the address range listAddress range configuration items Subnet addressesAdd an subnet address Subnet address configuration items IP address groups Add an IP address group IP address group configuration items Interzone rules Interzone rule listInterzone rule query options Interzone rule listAdding an interzone rule Fields of the interzone rule listFiled Description Return to Interzone rule management functionsAdd an interzone rule Interzone rule configuration items Add source IP addresses for the interzone rule Interzone policies Interzone policy listInterzone policy list Adding an interzone policyAdding an interzone policy Rule managementFields of the interzone policy list Return to Interzone policy management functionsRule management Fields of the policy’s rule list Sorting interzone rules Move rulesInterzone policy applications Interzone policy application listInterzone policy application query options Fields of the interzone policy application listApplied rules list Applying interzone policiesReturn to Interzone policy application management functions Zone and destination zone pair is numbered Firewall device management Managing firewall devicesFirewall management functions Firewall device listFirewall device list Adding firewall devicesQuery options on the firewall device management Fields of the firewall device listManaging the device configuration database Viewing device statisticsConfiguration segment list Fields of the configuration segments listAdding a configuration segment Return to Configuration segment management functionsImporting configuration segments from device Configuration segment configuration itemsDeploying a configuration segment Configure deployment task attributes Deployment task list Deployment task listFields of the deployment task list Online users Comprehensive analysisComprehensive analysis SSL VPN log auditing Online users trends Daily user statisticsUser Count field shows the count of login times on that day Daily user statisticsUser access records auditing SSL VPN log auditingResource access auditing Authentication failure auditingAuthentication failure auditing Network requirements Configuration procedureAdding devices to the firewall manager Add a device to the firewall management component Configuration procedures Configuring the firewall deviceConfigure Snmp on the FW device Configuring the Firewall ManagerEnter the following commands in the CLI Enable logging and send logs to Firewall Manager Add the FW device to the Firewall ManagerConfigure a log host Configuring intrusion detection UserlogScanning detection Blacklist Urpf check Firewall logs and Firewall Manager analysis VerificationDisplaying log report on the firewall webpage Intrusion Policy Log User log Recent list Inter-zone access logs Blacklist logs Operation Logs Subscription service Contacting HPRelated information DocumentsCommand conventions SymbolsConventions GUI conventionsNetwork topology icons Port numbering in examplesIndex Time ranges,58User access records auditing,96 Viewing device statistics,85
Related manuals
Manual 60 pages 30 Kb Manual 3 pages 40.21 Kb

Firewall specifications

HP Firewall, often positioned as a key component in enterprise network security, is designed to protect sensitive data and maintain secure communications across various environments. The primary role of a firewall is to monitor incoming and outgoing network traffic and make decisions based on a set of security rules. HP Firewalls utilize a combination of hardware and software to create a robust security framework that helps organizations manage their network perimeter effectively.

One of the main features of HP Firewall is its advanced security protocols that provide deep packet inspection. This technology scrutinizes packet contents beyond the header information, analyzing data flows for signs of malicious activity. By employing Stateful Inspection, HP Firewalls maintain a state table that logs active connections, allowing the firewall to evaluate packets in the context of established sessions. This helps optimize resource usage while delivering high-performance security.

Another characteristic of HP Firewall is its integration with HP's broader security ecosystem. By working seamlessly with other HP security products, such as HP Secure Access and HP Advanced Malware Protection, organizations can deploy a multi-layered security strategy. This integration enables centralized management, streamlining security policies and improving response times against threats.

HP Firewalls also feature next-generation capabilities. This includes intrusion prevention systems (IPS) that actively monitor network traffic for suspected threats and automatically take action to block potential breaches. Additionally, these firewalls come with application awareness features, allowing organizations to enforce policies based on specific applications rather than simply based on port or protocol. This granularity enhances control over minimal use of bandwidth while simultaneously mitigating risks from unwanted applications.

Furthermore, HP Firewall models are equipped with user identity management, allowing organizations to apply security policies based on user roles and the specific needs of the business. This significantly improves the overall security posture as it adds another layer of control.

Scalability is a notable characteristic of HP Firewalls, making them suitable for both small businesses and large enterprises. Organizations can expand their security infrastructure as needed while maintaining efficiency.

In summary, HP Firewalls deliver advanced security features, scalability, and seamless integration within the HP security ecosystem. Their emphasis on deep packet inspection, real-time monitoring, and user identity management make them a powerful asset in the defense against cyber threats, ensuring that organizations can protect their critical data and maintain the integrity of their network environments.