Chapter 3 IPS Filtering

For additional information on configuring Quarantine Action Sets, see the following topics:

“Quarantine Action Set Configuration Parameters” on page 50

“Configure a Quarantine Action Set” on page 51

Quarantine Action Set Configuration Parameters

The following table describes the Quarantine Action Set configuration parameters:

Table 3–8: Quarantine Action Set Configuration Parameters

Parameter: Web Requests
Description: Select an option to specify how the Quarantine action manages HTTP traffic:
- Block the requests entirely
- Redirect the client to another web server
- Display quarantine web page with information on the triggered filter and any customized message specified. For details, see “Configure a Quarantine Action Set” on page 51.

Parameter: Other Traffic
Description: Determines how the device handles other non-HTTP traffic when the Action set is triggered: Block or Permit.

Parameter: Limit quarantine to the following IP address(es)
Description: Create a list of “limit to” IP addresses. This option limits the filter using this action set to quarantine only those connections and systems matching the IP addresses listed.

Parameter: Thresholds
Description: Specifies a threshold to prevent network users from being quarantined the first time their network traffic triggers a filter configured with a quarantine action set:
- Quarantine Threshold is the number of hits before the threshold triggers
- Quarantine Threshold Period is the time interval for the hit count

For example, if you enter 5 for the Quarantine Threshold and 30 for the Quarantine Threshold Period, only hosts which match a filter 5 times in 30 minutes are quarantined.

Threshold parameter limits are 1 to 10,000 hits during a period from 1 to 60 minutes.

If Thresholds are not configured, a host is quarantined the first time its traffic matches a filter configured with a quarantine action set.

Parameter: Do not quarantine the following IP addresses
Description: Create a list of excluded IP addresses which will not be quarantined. Even if a filter with quarantine triggers, these IP addresses will not be quarantined, continuing with other commands in the action set. For example, the action set may include quarantine commands to block the traffic and redirect web requests to a particular server.
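
The following Python sketch models how the Thresholds, "limit to" and "do not quarantine" parameters in the table combine into a quarantine decision. It is an added example, not code from the device or from this guide; the class and function names, the sliding-window interpretation of the threshold period, and the sample addresses are assumptions.

```python
from collections import defaultdict, deque
from ipaddress import ip_address


class QuarantineModel:
    """Simplified model of the quarantine decision (added example, not device code)."""

    def __init__(self, threshold=None, period_min=None, limit_to=(), exclude=()):
        if threshold is not None:
            # Limits from the table: 1 to 10,000 hits in a period of 1 to 60 minutes.
            if not 1 <= threshold <= 10_000:
                raise ValueError("Quarantine Threshold must be 1 to 10,000 hits")
            if period_min is None or not 1 <= period_min <= 60:
                raise ValueError("Quarantine Threshold Period must be 1 to 60 minutes")
        self.threshold = threshold
        self.period_s = (period_min or 0) * 60
        self.limit_to = {ip_address(a) for a in limit_to}
        self.exclude = {ip_address(a) for a in exclude}
        self.hits = defaultdict(deque)  # host -> timestamps (s) of recent filter hits
        self.quarantined = set()

    def on_filter_hit(self, host, now_s):
        """Record one filter match at now_s seconds; return True if host is quarantined."""
        addr = ip_address(host)
        if addr in self.exclude:
            return False  # "Do not quarantine" list wins, even when the filter triggers
        if self.limit_to and addr not in self.limit_to:
            return False  # a "limit to" list is set and this host is not on it
        if addr in self.quarantined:
            return True
        if self.threshold is not None:
            window = self.hits[addr]
            window.append(now_s)
            # Assumption: sliding window. Drop hits older than the threshold period.
            while now_s - window[0] >= self.period_s:
                window.popleft()
            if len(window) < self.threshold:
                return False
        self.quarantined.add(addr)  # threshold reached, or no thresholds configured
        return True


def demo():
    # Constructed sample using the page's values: 5 hits within 30 minutes.
    m = QuarantineModel(threshold=5, period_min=30, exclude=["10.0.0.10"])
    burst = [m.on_filter_hit("10.0.0.5", t * 60) for t in range(5)]    # 1 hit/min
    slow = [m.on_filter_hit("10.0.0.6", t * 600) for t in range(8)]    # 1 hit/10 min
    excluded = [m.on_filter_hit("10.0.0.10", t * 60) for t in range(5)]
    return burst, slow, excluded
```

In this model a host that triggers the filter once every 10 minutes never has more than three hits inside a 30-minute period, so it is never quarantined at a threshold of 5; keep that in mind when choosing threshold values for filters that match slow, repeated activity.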

 

 

50 X Family LSM User’s Guide V 2.5.1