Traffic Management - McAfee M-1250 - Network Security Platform Configuration Manual

Ips configuration guide version 5.1

Hide thumbs Also See for M-1250 - Network Security Platform:

Upgrade manual (58 pages)

Deployment manual (36 pages)

Manual (32 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

page of 259

/ 259
Contents
Table of Contents
Bookmarks

Table of Contents

McAfee® Network Security Platform 5.1

Note that when you enable IP spoofing detection, a Sensor drops any IP-spoofed packets

but raises no alert. You can view the number of IP-spoofed packets dropped by the Sensor

by creating a dashboard in the Real-time Threat Analyzer.

To create a dashboard and view the count of IP-spoofed packets dropped by the Sensor:

Figure 195: Dashboard for anti IP spoofing

Note 1:

latest information.

Note 2:

the amount of traffic being monitored by the selected port, the counters may not

reset completely to zero. This is due to the amount of time it takes for the reset

request to be sent from the Manager to the Sensor and back. Traffic monitored

during that time will produce a value greater than zero.

Alternatively, you can also use the show inlinepktdropstats CLI command to view

the number of IP-spoofed packets dropped by a Sensor. For information on using this CLI,

refer to the

Traffic Management

Traffic management techniques help in avoiding traffic congestions, controlling the actual

traffic flow within the permissible limit of the network, and using queues to limit traffic

surges in the network.

Commit Changes

Click

to enable IP spoofing detection; click

Commit Changes

Once you select

thus, you do not have to execute an

Launch the Real-time Threat Analyzer from the Manager home page.

The Summary page opens.

Options > Dashboard > New

Click

Enter a name for the dashboard and click

No space or special characters are allowed in the Dashboard Name.

Assign Monitor

Click

In the Assign Monitor dialog, select Default Monitors as the

Type

Performance as the

, and Statistics – IP Spoofing as the

Click

In the Dashboard that you created, select the Sensor and the In-line port pair for

which you have enabled anti-spoofing.

Count

The

displays the number of IP-spoofed packets dropped at port-pair. If Disabled

Count

is displayed under

, it means that anti-spoofing is not enabled for that port-pair.

Ports

Note that

lists only the In-line port-pairs.

The dashboard is not updated in real-time. So, click

Reset Counters

You can click

Sensor CLI Guide

, the configuration is sent via SNMP to the Sensor;

Update Configuration

to reset all data to zero. However, depending on

190

The IPS Sensor_Name node

Ignore Changes

to abort.

for the Sensor.

This manual is also suitable for:

Network security platform

Traffic Management - McAfee M-1250 - Network Security Platform Configuration Manual

Traffic Management

Related Manuals for McAfee M-1250 - Network Security Platform

Related Content for McAfee M-1250 - Network Security Platform

This manual is also suitable for:

Table of Contents