Device monitoring

In addition to the attack event information of the entire network, the firewall management component also allows you to view the attack event information of every firewall device.

Configuration guide

From the navigation tree of the firewall management component, select Device Monitoring under Events Monitor to enter the device monitoring page, as shown in Figure 44. The page presents the attack protection information in the last hour by device, including the total number of events, number of blocked events, number of source/destination IP addresses, and number of destination ports.

Figure 44 Device monitoring

In the list, you can:

Click the icon in the Snapshot column of a firewall device to enter the attack event snapshot page of the device. For more information, see “Snapshot of events.”

Click the icon in the Details column of a firewall device to enter the attack event details page of the device. For more information, see “Event details.”

The firewall management component features comprehensive analysis and statistics reports, through which you can evaluate the network security status in real time, and take attack prevention measures accordingly.

Event analysis

Event overview

The system supports comprehensive analysis of attack events, including:

Attack event trend analysis during a day, week, month, and a customized period

TopN statistics reports by event, destination IP address, source IP address, destination port, and protocol. You can export the reports.

Configuration guide

From the navigation tree of the firewall management component, select Event Overview under Event Analysis. The attack event trend page appears by default, as shown in Figure 45. This page allows you to view attack event trend analysis during a day, week, month, or a customized period of time. This page shows a trend graph comparing the counts of blocked attack events and the other attack events as well as a trend graph of attack events by severity level. Under the trend graphs is a list showing the detailed attack event statistics, including the number of events, number of blocked events, and number of events of each severity level.

45

Page 49
Image 49
HP Firewall manual Event analysis, Device monitoring, Event overview

Firewall specifications

HP Firewall, often positioned as a key component in enterprise network security, is designed to protect sensitive data and maintain secure communications across various environments. The primary role of a firewall is to monitor incoming and outgoing network traffic and make decisions based on a set of security rules. HP Firewalls utilize a combination of hardware and software to create a robust security framework that helps organizations manage their network perimeter effectively.

One of the main features of HP Firewall is its advanced security protocols that provide deep packet inspection. This technology scrutinizes packet contents beyond the header information, analyzing data flows for signs of malicious activity. By employing Stateful Inspection, HP Firewalls maintain a state table that logs active connections, allowing the firewall to evaluate packets in the context of established sessions. This helps optimize resource usage while delivering high-performance security.

Another characteristic of HP Firewall is its integration with HP's broader security ecosystem. By working seamlessly with other HP security products, such as HP Secure Access and HP Advanced Malware Protection, organizations can deploy a multi-layered security strategy. This integration enables centralized management, streamlining security policies and improving response times against threats.

HP Firewalls also feature next-generation capabilities. This includes intrusion prevention systems (IPS) that actively monitor network traffic for suspected threats and automatically take action to block potential breaches. Additionally, these firewalls come with application awareness features, allowing organizations to enforce policies based on specific applications rather than simply based on port or protocol. This granularity enhances control over minimal use of bandwidth while simultaneously mitigating risks from unwanted applications.

Furthermore, HP Firewall models are equipped with user identity management, allowing organizations to apply security policies based on user roles and the specific needs of the business. This significantly improves the overall security posture as it adds another layer of control.

Scalability is a notable characteristic of HP Firewalls, making them suitable for both small businesses and large enterprises. Organizations can expand their security infrastructure as needed while maintaining efficiency.

In summary, HP Firewalls deliver advanced security features, scalability, and seamless integration within the HP security ecosystem. Their emphasis on deep packet inspection, real-time monitoring, and user identity management make them a powerful asset in the defense against cyber threats, ensuring that organizations can protect their critical data and maintain the integrity of their network environments.