Configuring Single-Node Parameters - Symantec 10521146 - Network Security 7120 Administration Manual

Configuring single-node parameters

You can configure a policy for an in-line pair that alerts on or blocks malicious
traffic. When a malicious packet is detected in alerting mode, the appliance
software executes the configured responses, which may be email, Network
Security console displays, or other choices available on both appliances and
Network Security software nodes. Blocking mode prevents malicious traffic of
the designated event types from being transmitted into your protected network.
When a blocked TCP/IP event is detected, the node sends TCP resets to both
interfaces in the pair. For a blocked UDP event, the appliance drops the packet
and marks the flow as dropped.

For policies configured with both blocking and alerting, you can run Network
Security with blocking disabled until you are sure the policy is correct. If you
decide that the configured event types should be blocked, you can change the
policy to enable blocking with a single mouse-click in the Network Security
console.

About fail-open

Fail-open is an option when using in-line mode and is the default for passive
mode. Fail-open means that if the appliance has a hardware failure, network
traffic will continue. Since the Symantec Network Security 7100 Series
appliance is directly in the network path while deployed using in-line mode,
fail-open capability requires the purchase and installation of a separate device.
The Symantec Network Security In-line Bypass unit has been custom designed
to provide fail-open capability for the Symantec Network Security 7100 Series.
The bypass unit is available in two models, which accommodate two or four
in-line interface pairs respectively. Fail-open is available for all copper gigabit
or Fast Ethernet interfaces on the appliance. It is not an option for fiber
interfaces at this time. The In-line Bypass unit is only necessary for fail-open
when appliance interfaces are configured for in-line mode. All interfaces
configured in passive mode are fail-open by default.

Symantec Network Security provides configurable parameters to customize
your network intrusion detection system at multiple levels. These
parameters fall into the following three categories:
Node parameters: Apply to individual nodes, either within a cluster or set
up as peers.
For more information about node parameters, see "Configuring node
parameters" on page 310.
Cluster parameter: Applies to all nodes within a cluster.