Ips Signature Library Automatic Update Configuration Example - HP MSR Series Configuration Manual
Hpe flexnetwork msr router series
Hide thumbs
Also See for MSR Series:
- Configuration manual (889 pages) ,
- Command reference manual (684 pages) ,
- Wan access configuration manual (293 pages)
Table of Contents
Advertisement
Verifying the configuration
# Verify that the device can use the default IPS policy to detect and prevent known network attacks.
(Details not shown.)
For
example,
GNU_Bash_Local_Memory_Corruption_Vulnerability(CVE-2014-718), the device automatically
executes the signature actions (reset and logging) on the packet.
# Verify that the device IPS signature library is updated.
<Device> display ips signature information
IPS signature library automatic update configuration example
Network requirements
As shown in
security zone Untrust.
Configure the device to automatically update the local IPS signature library at a random time
between 08:30 am and 09:30 am every Saturday.
Figure 183 Network diagram
Configuration procedure
1.
Assign IP addresses to interfaces, as shown in
2.
Configure DNS for the device to resolve the domain name of the TippingPoint website into the
IP address. (Details not shown.)
3.
Enable automatic IPS signature library update.
<Device> system-view
[Device] ips signature auto-update
[Device-ips-autoupdate]
# Configure the device to perform automatic update at a random time between 08:30 am and
09:30 am every Saturday.
[Device-ips-autoupdate] update schedule weekly sat start-time 9:00:00 tingle 30
[Device-ips-autoupdate] quit
Verifying the configuration
# Verify that the device IPS signature library is updated as scheduled.
<Device> display ips signature information
if
an
incoming
Figure
183, LAN users in the security zone trust can access Internet resources in the
attack
packet
the
Figure
183. (Details not shown.)
590
predefined
IPS
signature
- Quick Links:
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
