Ips Mechanism - HP MSR Series Configuration Manual

HPE FlexNetwork MSR Router Series

blacklist feature, see Security Configuration Guide. For information about configuring the block
period, see the DPI engine commands in the DPI Command Reference.
Drop—Drops matching packets.
Permit—Permits matching packets to pass.
Capture—Captures matching packets.
Logging—Logs matching packets.

IPS mechanism

As shown in Figure 179, upon receiving a packet, the IPS device performs the following operations:
1. The device compares the packet with the IP blacklist rules.
   • If a matching rule is found, the device drops the packet.
   • If no matching rule is found, the device goes to step 2.
2. The device compares the packet with the object policy rules. The device identifies the packet
   application layer protocol and extracts the packet signatures if the matching object policy rule
   meets the following conditions:
   • The object policy rule is configured with the inspect app-profile-name option. The
     app-profile-name argument specifies the DPI application profile.
   • The specified DPI application profile uses an IPS policy.
   For more information about object policy rules, see Security Configuration Guide.
3. The device determines the actions for the packet by comparing the extracted packet signatures
   with the IPS signatures in the IPS policy:
   • If the packet does not match any IPS signatures, the device permits the packet to pass.
   • If the packet matches only one IPS signature, the device takes the signature actions.
   • If the packet matches multiple IPS signatures, the device uses the following rules to select
     the actions:
     − If the matching IPS signatures have two or more actions, including block-source,
       redirect, drop, permit, and reset, the device takes the action of the highest priority. The
       actions in descending order of priority are reset, redirect, block-source/drop, and
       permit.
     − The device will execute the block-source, capture, and logging actions if they are in
       the matching IPS signatures.
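
The three steps above, modeled as an added example (not HPE code and not part of the manual) for checking what a packet that matches several signatures will receive. The Signature class, the byte patterns, the sample policy, and the empty result when step 2 does not select IPS inspection are assumptions made for illustration.

```python
from dataclasses import dataclass

# Priority from the manual: reset > redirect > block-source/drop > permit.
PRIORITY = {"reset": 3, "redirect": 2, "block-source": 1, "drop": 1, "permit": 0}
# Executed whenever they appear in any matching signature.
ALWAYS = {"block-source", "capture", "logging"}


@dataclass(frozen=True)
class Signature:
    name: str            # constructed name
    pattern: bytes       # constructed stand-in for real signature matching
    actions: frozenset


def resolve_actions(matched):
    """Step 3: select the actions for the signatures a packet matched."""
    if not matched:
        return {"permit"}
    if len(matched) == 1:
        return set(matched[0].actions)
    union = set().union(*(s.actions for s in matched))
    ranked = union & set(PRIORITY)
    top = max((PRIORITY[a] for a in ranked), default=None)
    winners = {a for a in ranked if PRIORITY[a] == top}
    return winners | (union & ALWAYS)


def inspect_packet(src_ip, payload, blacklist, rule_uses_ips, ips_policy):
    """Steps 1-3 for one packet; returns the set of actions to take."""
    if src_ip in blacklist:       # step 1: IP blacklist match drops the packet
        return {"drop"}
    if not rule_uses_ips:         # step 2: rule has no inspect profile with an IPS policy
        return set()              # assumption: IPS takes no action on this packet
    matched = [s for s in ips_policy if s.pattern in payload]
    return resolve_actions(matched)


# Constructed sample policy.
POLICY = [
    Signature("sig-a", b"AAAA", frozenset({"drop", "logging"})),
    Signature("sig-b", b"BBBB", frozenset({"reset", "capture"})),
    Signature("sig-c", b"CCCC", frozenset({"block-source", "permit"})),
]

if __name__ == "__main__":
    for ip, data in [("10.0.0.5", b"xxAAAAyyBBBB"), ("10.0.0.9", b"no match")]:
        print(ip, sorted(inspect_packet(ip, data, {"10.0.0.66"}, True, POLICY)))
```

Where block-source and drop tie at the same priority level, the model returns both, because block-source is executed in any case under the second rule.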