H3C SecBlade IPS User Manual

H3C Intrusion Prevention System

Web-Based Configuration Guide

Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com

Document Version: 5PW103-20101101

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

Notice

H3C, , Aolynk, , H3Care, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V

, TOP G, , IRF, NetPilot, Neocean, NeoVTL,

G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Preface

H3C IPS products are new-generation intrusion prevention devices developed by H3C for enterprise users, industry users, and Telecom users. They are one of the most crucial products in the intelligent Safe Pervasive Network (iSPN) of H3C IToIP architecture.

An IPS device can be deployed in the inline mode on the critical path of a network to perform detailed inspection of Layer 2-7 traffic passing through the p ath, and thus to precisely identify, block, and control various types of network attacks or flood attacks in real time.

An IPS device can also be connected to a network in the bypass mode. In that case, the IPS device is similar to the intrusion detection system (IDS) device in functions. It can capture packets by receiving mirrored traffic and detecting copied packets, and execute security actions indirectly through response packets, thus protecting the network.

Moreover, IPS devices can provide powerful and realistic bandwidth management and URL filtering functions.

H3C IPS products involve the complete series of high end-to-low end IPSs, and provide box-type devices and card-type IPS devices. For more information about IPS models, see H3C IPS Series Products at the H3C website.

This preface includes:

z Audience z Conventions z About the H3C IPS Web-Based Configuration Guide z Obtaining Documentation z Technical Support z Documentation Feedback

Audience

This documentation is intended for:

z Network planners z Field technical support and servicing engineers z Network administrators working with the H3C IPS products

Conventions

This section describes the conventions used in this documentation set.

Command conventions

Convention Description

Boldface Bold

italic

[ ]

Italic text represents arguments that you replace with actual values. Square brackets enclose syntax choices (keywords or arguments) that are

optional.

text represents commands and keywords that you enter literally as shown.

Convention Description

{ x | y | ... }

[ x | y | ... ]

{ x | y | ... } *

[ x | y | ... ] *

&<1-n>

# A line that starts with a pound (#) sign is comments.

Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.

Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.

Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.

Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you may select multiple choices or none.

The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.

GUI conventions

Convention Description

Boldface

Window names, button names, field names, and menu items are in Boldface. For example, the

Multi-level menus are separated by angle brackets. For example,

Folder

New User

window appears; click OK.

File

Create

Symbols

Convention Description

Network topology icons

Convention Description

Means reader be extremely careful. Improper operation may cause bodily injury.

Means reader be careful. Improper operation may cause data loss or damage to equipment.

Means an action or information that needs special attention to ensure successful configuration or good performance.

Means a complementary description.

Means techniques helpful for you to make configuration with ease.

Represents an H3C IPS device.

Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

About the H3C IPS Web-Based Configuration Guide

Organization

The H3C IPS web-based configuration guide describes the following features:

Feature Description

Describes the Web-based network management (NM) for the IPS.

z Logging in to/out from the web interface

Web overview

Device management

User management

System manage ment

Network management

High availability

Time table management

Action management

Log management

IPS

z Introduction to web users and levels z Introduction to the web interface and web-based NM functions z Common web interface elements z Configuration guidelines

Describes basic configurations for IPS management.

z Displaying system status, system information, and system time z Configuring system monitoring z Save configuration, manage the configuration file, and restore the factory

defaults

z Upgrading signature database and software versions z Displaying license information, importing and exporting a license z Setting the operating mode z Configuring OAA z Rebooting system

Describes user management functions for the IPS device.

z Managing user accounts and online users z Configuring a security policy

Describes network management configurations for the IPS.

z Configuring management interface parameters, executing a ping operation,

creating a static route, and configuring DNS servers

z Displaying and configuring interface properties z Creating security zones z Creating a segment and configuring segment bandwidth control

Describes the high availability features of the IPS.

z Configuring Layer 2 fallback z Configuring interface status synchronization

Describes the time table configuration for the IPS.

z Creating a time table

Describes action management configurations for the IPS.

z Creating a block, rate limit, or notify action z Creating an action set z Uploading packet trace files

Describes log management configurations for the IPS.

z Displaying, querying, deleting system logs, operation logs, attack logs, and

virus logs

z Querying service logs and URL logs z Configuring device logs, data logs, and email logs

Describes the attack prevention configurations for the IPS.

z Creating an IPS policy z Configuring rules for a policy z Applying an IPS policy to a segment z Configuring IPS policy shortcut application

Feature Description

Describes URL filtering configurations for the IPS.

URL Filtering

z Configuring URL filtering global parameters z Creating and applying a URL filtering policy

Describes anti-virus configurations for the IPS.

z Creating an anti-virus policy

Anti-virus

z Configuring rules for a policy z Applying a policy to a segment z Querying viruses

Describes DDoS prevention configurations for the IPS.

z Creating a DDoS policy z Configuring learning rules z Applying a DDoS policy to a segment

DDoS

z Maintaining a DDoS policy application z Adding detection rules z Adding a static filtering rule z Configuring dynamic filtering rules z Displaying DDoS statistics

Describes bandwidth management configuration for the IPS.

Bandwidth management

z Configuring protocols and services z Creating a bandwidth management policy and applying the policy to a segment

Describes blacklist configurations for the IPS.

Blacklist

z Adding a blacklist entry manually z Querying blacklist entries

Describes report configurations for the IPS.

z Displaying packet statistics

Report

z Configuring, querying traffic statistics reports and top N reports z Querying attack reports and top N attack reports z Querying virus reports and top N virus reports

Acronym Lists the acronyms used in the IPS web-based configuration guide.

Obtaining Documentation

You can access the most up-to-date H3C product documentation on the World Wide Web at

http://www.h3c.com.

Click the links on the top navigation bar to obtain different categories of product documentation:

[Technical Support & Documents > Technical Documents] – Provides hardware installation, software

upgrading, and software feature configuration and maintenance documentation.

[Products & Solutions] – Provides information about products and technologies, as well as solutions. [Technical Support & Documents > Software Download] – Provides the documentation released with

the software version.

Technical Support

customer_service@h3c.com http://www.h3c.com

Documentation Feedback

You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

1 Web Overview............................................................................................................................................1-1

Overview.................................................................................................................................................1-1

Logging In to the Web Interface..............................................................................................................1-1

Logging Out of the Web Interface...........................................................................................................1-2

Introduction to Web Users and Levels....................................................................................................1-3

Introduction to the Web Interface............................................................................................................1-3

Introduction to the Web-Based NM Functions........................................................................................1-4

Common Web Interface Elements........................................................................................................1-10

Configuration Guidelines.......................................................................................................................1-13

2 Device Registration...................................................................................................................................2-1

Device Registration.................................................................................................................................2-1

License File Update ................................................................................................................................2-2

3 Device Management..................................................................................................................................3-1

System Status.........................................................................................................................................3-1

System Status Overview .................................................................................................................3-1

Viewing System Status....................................................................................................................3-1

System Information.................................................................................................................................3-5

System Information Overview .........................................................................................................3-5

Viewing System Information............................................................................................................3-5

System Time...........................................................................................................................................3-6

System Time Overview....................................................................................................................3-6

Configuring System Time................................................................................................................3-6

System Monitoring ..................................................................................................................................3-7

System Monitoring Overview...........................................................................................................3-7

Configuring System Monitoring.......................................................................................................3-7

Configuration Maintenance.....................................................................................................................3-8

Configuration Maintenance Overview .............................................................................................3-8

Saving the Current Configuration....................................................................................................3-9

Configuration File Management......................................................................................................3-9

Restoring the Factory Defaults......................................................................................................3-11

Signature Upgrade................................................................................................................................3-11

Signature Upgrade Overview........................................................................................................3-11

Signature Database Version Management...................................................................................3-12

Manual Upgrade............................................................................................................................3-12

Auto Upgrade ................................................................................................................................3-13

Software Upgrade.................................................................................................................................3-14

Software Upgrade Overview .........................................................................................................3-14

Upgrading Software.......................................................................................................................3-15

License..................................................................................................................................................3-16

License Overview..........................................................................................................................3-16

Managing a License ......................................................................................................................3-16

Operating Mode ....................................................................................................................................3-17

Operating Mode Overview.............................................................................................................3-17

Configuring Operating Mode.........................................................................................................3-18

Configuration Guidelines...............................................................................................................3-19

OAA Configuration................................................................................................................................3-20

OAA Configuration Overview ........................................................................................................3-20

Configuring OAA Client .................................................................................................................3-22

OAA Configuration Example .........................................................................................................3-23

System Reboot......................................................................................................................................3-27

System Reboot Overview..............................................................................................................3-27

Rebooting the system....................................................................................................................3-27

4 User Management......................................................................................................................................4-1

User Management Overview ..................................................................................................................4-1

Configuring User Management...............................................................................................................4-1

Configuration Task List....................................................................................................................4-1

Managing User Accounts ................................................................................................................4-2

Managing Online Users...................................................................................................................4-3

Configuring the Security Policy .......................................................................................................4-4

5 Management Interface Configuration......................................................................................................5-1

Overview.................................................................................................................................................5-1

Management Interface Parameters.................................................................................................5-1

Ping..................................................................................................................................................5-1

Static Routes...................................................................................................................................5-1

DNS Servers....................................................................................................................................5-2

Configuring a Management Interface......................................................................................................5-2

Configuring Management Interface Parameters .............................................................................5-2

Executing a Ping Operation.............................................................................................................5-4

Creating a Static Route ...................................................................................................................5-4

Configuring DNS Servers................................................................................................................5-5

6 Interface Configuration.............................................................................................................................6-1

Overview.................................................................................................................................................6-1

Configuring and Displaying Interface Properties ....................................................................................6-1

7 Security Zone Configuration....................................................................................................................7-1

Overview.................................................................................................................................................7-1

Configuring a Security Zone ...................................................................................................................7-1

Configuration Task List....................................................................................................................7-1

Creating a Security Zone.................................................................................................................7-2

Security Zone Configuration Example ....................................................................................................7-4

8 Segment Configuration.............................................................................................................................8-1

Overview.................................................................................................................................................8-1

Configuring a Segment ...........................................................................................................................8-1

Configuration Task List....................................................................................................................8-1

Creating a Segment.........................................................................................................................8-1

Applying a Segment Bandwidth Control Scheme to the Segment..................................................8-4

Precautions.............................................................................................................................................8-4

9 Layer 2 Fallback.........................................................................................................................................9-1

Layer 2 Fallback Overview......................................................................................................................9-1

Configuring Layer 2 Fallback..................................................................................................................9-1

Guidelines...............................................................................................................................................9-2

10 Interface Status Synchronization.........................................................................................................10-1

Interface Status Synchronization Overview..........................................................................................10-1

Configuring Interface Status Synchronization.......................................................................................10-1

11 Time Table Management.......................................................................................................................11-1

Time Table Management Overview......................................................................................................11-1

Configuring Time Table Management...................................................................................................11-1

Configuration Task List..................................................................................................................11-1

Creating a Time Table...................................................................................................................11-1

12 Action Management...............................................................................................................................12-1

Action Management Overview..............................................................................................................12-1

Configuring Action Management...........................................................................................................12-1

Configuration Task List..................................................................................................................12-1

Creating a Block Action.................................................................................................................12-2

Creating a Notify Action.................................................................................................................12-3

Creating an Action Set...................................................................................................................12-4

Uploading Packet Trace Files .......................................................................................................12-7

13 Log Management...................................................................................................................................13-1

System Logs .........................................................................................................................................13-1

System Logs Overview..................................................................................................................13-1

Displaying Recent Logs.................................................................................................................13-1

Querying System Logs..................................................................................................................13-3

Deleting System Logs....................................................................................................................13-4

Backing Up System Logs ..............................................................................................................13-4

Operation Logs......................................................................................................................................13-4

Operation Logs Overview..............................................................................................................13-4

Displaying Recent Logs.................................................................................................................13-5

Querying Operation Logs ..............................................................................................................13-6

Deleting Operation Logs................................................................................................................13-8

Backing Up Operation Logs ..........................................................................................................13-8

Attack Logs ...........................................................................................................................................13-8

Attack Logs Overview....................................................................................................................13-8

Displaying Recent Logs.................................................................................................................13-9

Querying Attack Logs..................................................................................................................13-10

Deleting Attack Logs....................................................................................................................13-11

Virus Logs...........................................................................................................................................13-12

Virus Logs Overview....................................................................................................................13-12

Displaying Recent Logs...............................................................................................................13-12

Querying Virus Logs....................................................................................................................13-14

iii

Deleting Virus Logs .....................................................................................................................13-15

Service Logs .......................................................................................................................................13-16

URL Logs............................................................................................................................................13-17

Log Configuration................................................................................................................................13-19

Log Configuration Overview........................................................................................................13-19

Configuring Device Logs .............................................................................................................13-19

Configuring Data Logs.................................................................................................................13-20

Configuring Email Parameters ....................................................................................................13-22

14 IPS...........................................................................................................................................................14-1

IPS Overview ........................................................................................................................................14-1

Configuring IPS.....................................................................................................................................14-1

Configuration Task List..................................................................................................................14-1

Creating IPS Policy........................................................................................................................14-2

Configuring Default Rules for the Policy........................................................................................14-3

Configuring User Defined Rules for the Policy..............................................................................14-6

Applying an IPS Policy to a Segment............................................................................................14-8

Configuring IPS Policy Fast Application......................................................................................14-10

IPS Configuration Example.................................................................................................................14-11

Configuration Guidelines.....................................................................................................................14-14

15 URL Filtering Configuration .................................................................................................................15-1

URL Filtering Overview.........................................................................................................................15-1

Configuring URL Filtering......................................................................................................................15-1

Configuration Task List..................................................................................................................15-1

Configuring Global Parameters for URL Filtering..........................................................................15-2

Creating and Applying a URL Filtering Policy...............................................................................15-4

URL Filtering Configuration Example..................................................................................................15-10

URL Filtering Configuration Example (Category-Based URL Filtering Supported).....................15-10

URL Filtering Configuration Example (Category-Based URL Filtering Unsupported).................15-15

Configuration Guidelines.....................................................................................................................15-19

16 Anti-Virus Configuration.......................................................................................................................16-1

Anti-Virus Overview...............................................................................................................................16-1

Configuring Anti-Virus...........................................................................................................................16-1

Configuration Task List..................................................................................................................16-1

Creating an Anti-Virus Policy.........................................................................................................16-2

Configuring Rules for the Policy....................................................................................................16-2

Applying the Policy to a Segment..................................................................................................16-5

Querying Viruses...........................................................................................................................16-6

Anti-Virus Configuration Example.........................................................................................................16-6

Configuration Guidelines.....................................................................................................................16-10

17 DDoS Protection Configuration ...........................................................................................................17-1

Overview...............................................................................................................................................17-1

Introduction to DDoS.....................................................................................................................17-1

Terminology of DDoS Protection...................................................................................................17-2

Implementation of DDoS Protection..............................................................................................17-2

DDoS Protection States.................................................................................................................17-3

Configuring DDoS Protection................................................................................................................17-3

DDoS Protection Configuration Task List......................................................................................17-3

Creating a DDoS Policy.................................................................................................................17-5

Configuring Learning Rules...........................................................................................................17-6

Applying a DDoS Policy on a Segment.........................................................................................17-8

Maintaining a DDoS Policy Application.......................................................................................17-10

Configuring Detection Rules........................................................................................................17-11

Configuring Static Filtering Rules................................................................................................17-15

Configuring Dynamic Filtering Rules...........................................................................................17-18

Displaying DDoS Data Statistics .................................................................................................17-19

DDoS Protection Configuration Example............................................................................................17-20

Configuration Guidelines.....................................................................................................................17-22

18 Bandwidth Management.......................................................................................................................18-1

Overview...............................................................................................................................................18-1

Introduction to Bandwidth Management........................................................................................18-1

Introduction to Services.................................................................................................................18-1

Configuring Bandwidth Management....................................................................................................18-1

Configuration Task List..................................................................................................................18-1

Configuring Protocols....................................................................................................................18-2

Configuring Services .....................................................................................................................18-4

Creating and Applying a Bandwidth Management Policy .............................................................18-6

Bandwidth Management Configuration Example................................................................................18-11

Configuration Guidelines.....................................................................................................................18-17

19 Blacklist..................................................................................................................................................19-1

Blacklist Overview.................................................................................................................................19-1

Configuring Blacklist..............................................................................................................................19-1

Configuration Task List..................................................................................................................19-1

Adding a Blacklist Entry Manually.................................................................................................19-1

Querying Blacklist Entries..............................................................................................................19-2

Blacklist Configuration Example ...........................................................................................................19-3

20 Packet Statistics....................................................................................................................................20-1

Overview...............................................................................................................................................20-1

Viewing Packet Statistics......................................................................................................................20-1

21 Traffic Statistics Report........................................................................................................................21-1

Overview...............................................................................................................................................21-1

Configuring Traffic Statistics Reports....................................................................................................21-1

Configuration Task List..................................................................................................................21-1

Configuring Traffic Statistics Reports............................................................................................21-2

Querying the Traffic Statistics Reports..........................................................................................21-3

Configuring Top N Reports............................................................................................................21-4

Querying Top N Reports................................................................................................................21-4

22 Attack Report.........................................................................................................................................22-1

Overview...............................................................................................................................................22-1

Configuring Attack Reports...................................................................................................................22-1

Configuration Task List..................................................................................................................22-1

Querying Attack Reports ...............................................................................................................22-1

Querying Top N Attack Reports ....................................................................................................22-3

23 Virus Report...........................................................................................................................................23-1

Overview...............................................................................................................................................23-1

Configuring a Virus Report....................................................................................................................23-1

Configuration Task List..................................................................................................................23-1

Querying Virus Reports.................................................................................................................23-1

Querying Top N Virus Reports......................................................................................................23-3

24 Index .......................................................................................................................................................24-1

1 Web Overview

Overview

Hangzhou H3C Technologies Co., Ltd. (hereinafter referred to as H3C) provides the Web-based network management function for the Intrusion Prevention System (IPS) of H3C to facilitate the operations and maintenance on the IPS devices. Through this function, the administrator can visually manage and maintain the IPS devices through the Web-based configuration interfaces.

Figure 1-1 shows a Web-based network management operating system.

Figure 1-1 Web-based network management operating environment

Logging In to the Web Interface

The device is provided with the default Web login information .Y ou can use the default information to log in to the Web interface. The default Web login inform ation is:

z Username: admin z Password: admin z IP address of the device: 192.168.1.1

To log in to the device through the Web interface, follow these steps:

Step1 Connect the device and PC

Connect the default management port meth 0/0 of the device to the PC using a crossover Ethernet cable. For the IPS cards with silkscreen LSWM1IPS10 for S5800 and S5820X series switches, the default management port is meth 0/0. For other models of IPS cards, the default management port is meth 0/2.

z If the IPS device provides two management ports, you can use only one to manage the device at a

time.

z By default, a management port with the smallest ID is the default management port, and it is

assigned IP address 192.168.1.1/24. To make a management port with a larger ID the default management port, remove the IP address of the original default management po rt and assign an IP address to the management port that you want to configure as the default one.

1-1

Step2 Configure an IP address for the PC and ensure that the PC and device can communicate with each

other.

Modify the IP address to one within the network segment 192.168.1.0/24 (except for 192.168.1.1), for example, 192.168.1.2.

Step3 Launch the IE browser, and input the login information.

On the PC, launch the IE browser, type https://192.168.1.1 in the address bar (the HTTPS service is enabled by default), and press Enter. You can enter the login page of the Web interface, as shown in

Figure 1-2.

Click Chinese or English on the login page, in put the username (admin) password (admin), and ve rify code shown on the page, and click Login to enter the Web interfa ce.

Figure 1-2 Login page of the Web interface

z The PC where you configure the device is not necessarily the Web-based network management

terminal.

z After the first-time login, you are recommended to change the default password. For detailed

operation, refer to User Management.

z A verify code will expire in 2 minutes, so you need to use the code within the expiration time. To

obtain a new verify code, click the verify code image.

z Up to 5 users can concurrently log in to the device through the Web interface.

Logging Out of the Web Interface

Click Logout in the upper-right corner of the W eb interface. The system gives a confirmation dialog box , on which you can click OK to quit Web-based network management.

1-2

Introduction to Web Users and Levels

Web user levels include Level 0, Level 1, Level 2, Level 3, and auditor. Table 1-1 lists the Web user levels and corresponding operation rights.

Table 1-1 Web user levels and operation rights

User level Operation right

z Use the network diagnosis tool ping

Level 0 (Visit)

Level 1 (Monitor)

Level 2 (System)

Level 3 (Manage)

Auditor

z View the IP address of the management port, management rights,

static routes, and DNS server information

z Unable to perform configuration z Have the privileges of Level-0 users

z View all the other configuration information except user information z View all the other logs excepts operation logs z Unable to perform configuration z Unable to monitor packet distribution in real time

z Have the privileges of Level-1 users z Perform all the other configuration operations except user

configuration, operation log configuration, device log configuration, software upgrade, and configuration maintenance

z Have the privileges of Level-2 users z View all configuration information z View all logs z Perform all configuration operations

z View/back up/delete operation logs z Unable to perform other operations except the above ones

This manual assumes that a Level-3 user performs the configuration operations unless otherwise specified.

Introduction to the Web Interface

The Web interface is composed of three parts: navigation area, title area, and body area, as shown in

Figure 1-3.

1-3

Figure 1-3 Web-based configuration interface

(2)

(1)

(3)

(1) Navigation area (2) Title area (3) Body area

z Navigation area—Organizes the Web-based NM function menus in the form of a navigation tree,

where you can select function menus as needed. The result is displ ayed in the body area.

z Title area—Displays the path of the current configuration interface in the navigation area; provides

the Logout button to log out of the Web interface.

z Body area—The area where you can configure and display a function.

Introduction to the Web-Based NM Functions

Table 1-2 lists the Web-based NM functions.

Table 1-2 Web-based NM functions

Menu item Description User level

Syst em Man age ment

Devi ce Man age ment

System Status

Displays the current status of system software and hardware. Allows you to use links or the

block logs, anti-virus block logs, and system logs.

Allows you to use icon for IPS block logs, URL block logs, anti-virus block logs, and allows you to use icons

system logs. Allows you to use the link to view operation logs, and use

icons

, , and .

icon to view IPS block logs, URL

and for

Level 1

Level 2

Level 3

System Informatio n

System Time

Displays the current software versions, hardware versions, versions of signature packages, device serial number, MAC address of the NM port, and system time.

Displays system date, time, and time zone. Level 1 Allows you to set system time source and time zone. Level 2

1-4

Level 1

Menu item Description User level

Displays system thresholds, including CPU usage threshold,

System Monitoring

memory usage threshold, hardware usage threshold, CPU temperature upper and lower limits, and main board temperature upper and lower limits.

Allows you to set system thresholds, including CPU usage threshold, memory usage threshold, hardware usage threshold, CPU temperature upper and lower limits, and main board temperature upper and lower limits.

Level 1

Level 2

Configurat ion Maintenan ce

Signature Upgrade

Software Upgrade

License

Operating Mode

OAA Configurat ion

Allows you to save the current configuration; add, delete, upload, download, import, and export the configuration file; restore the factory defaults.

Displays current versions and history versions of signature packages, and configuration information of signature package auto upgrade.

Allows you to roll back signature packages to a history version. Upgrade signature package manually. Enable signature package auto upgrade and set the upgrade time.

Displays the software versions, upload date, sizes of the version files, and version status on the device.

Allows you to update and delete a software version, and modify software version status.

Displays license information, and allows you to import and export license file.

Displays operating mode configuration information. Level 1 Allows you to set operating mode parameters. Level 2 Displays OAA client configuration information. Level 1 Allows you to configure OAA client and test connectivity between

OAA client and server.

Level 3

Level 1

Level 2

Level 1

Level 3

Level 1

Level 2

User Man age ment

Netw ork Man age ment

System Reboot

User Accounts

Online Users

Security Policy

Managem ent Interface

Interface Configurat ion

Security

Allows you to reboot the device. Level 2

Displays user information, and allow you to add, modify and delete user accounts.

Displays all users that log in to the Web interface and allow you to kick out the logged-in users except yourself.

Displays security related information and allow you to configure the settings including timeout time, password strength, and lock settings.

Displays the IP address and protocol used by each management interface, display static routes and DNS server information, and allow you to perform ping operations.

Allows you to specify the IP address and protocol used by each management interface, add or delete static routes, and configure DNS servers.

Displays interface properties, including connection status, interface status, interface type, transmission rate, and duplex mode.

Allows you to configure interface properties, such as interface status, interface type, transmission rate, and duplex mode.

Displays all security zones, name links, and segment links. Level 1

Level 3

Level 0

Level 2

Level 1

Level 2

1-5

Menu item Description User level

Zone

Allows you to use icons or buttons , , perform corresponding functions.

Add

, and

Remove

Level 2

Segment Configurat ion

Layer 2

High Avail abilit y

Time Table List

Actio n Man age ment

Fallback

Interface Status Synchroni zation

Action Set List

Block Action List

Notify Action List

Displays all segments, segment links, internal zone links, and external zone links.

Allows you to control bandwidth for a specific segment by using

Activate, Add Segment, Apply

icons or buttons

Delete

. Displays the parameters related to Layer 2 fallback. Level 1 Allows you to set the parameters related to Layer 2 fallback. Level 2 Displays the configuration information of interface status

synchronization. Allows you to set interface status synchronization. Level 2 Displays all the time tables, and use the name links. Level 1

Allows you to use icons or buttons

Delete

. Displays all the action sets, and use the name links. Level 1

Allows you to use icons or buttons Displays all the block actions, and use the name links. Level 1

Allows you to use icons or buttons , ,

Delete

. Displays all the notify actions, and use the name links. Level 1

Allows you to use icons or buttons , ,

Delete

, ,

Activate, Add

, ,

Activate, Add

, and

Delete

, and

Level 1

Level 2

Level 1

Level 2

Log Man age ment

Syst em Logs

Oper ation Logs

Packet Trace File Upload

Recent Logs

Query Logs

Delete Logs

Back Up Logs

Recent Logs

Query Logs

Delete Logs

Displays the parameters for uploading packet trace files. Level 1 Allows you to configure the parameters for uploading packet trace

files. Displays the recent 25 system logs of the day. Level 1 Allows you to export the system logs of the day to a file in the

format of CSV. Displays the system logs based on the query conditions. Level 1 Allows you to export the queried system logs to a file in the format

of CSV. Displays system log file list. Level 1 Allows you to delete system log files. Level 2 Displays all system log files, open and export the specified system

log files to a file in the format of CSV. Displays the recent 25 operation logs of the day, and export the

operation logs of the day to a file in the format of CSV. Displays the operation logs based on the query conditions, and

export the queried operation logs to a file in the format of CSV.

Displays the system log file list and delete the operation log files.

Level 2

Level 3/Auditor

1-6

Menu item Description User level

Attac k Logs

Virus Logs

Back Up Logs

Recent Logs

Query Logs

Delete Logs

Recent Logs

Query Logs

Delete Logs

Displays all operation log files, open and export the specified operation log files to a file in the format of CSV.

Displays the recent 25 IPS block or alert logs of the day. Level 1 Allows you to export the attack logs of the day to a file in the format

of CSV. Displays the attack logs based on the query conditions. Level 1 Allows you to export the queried attack logs to a file in the format of

CSV. Query the attack logs based on the query conditions. Level 1 Allows you to delete the attack logs based on the query conditions. Level 2 Displays the recent 25 virus block or alert logs of the day. Level 1 Allows you to export the virus logs of the day to a file in the format

of CSV. Displays the virus logs based on the query conditions. Level 1 Allows you to export the queried virus logs to a file in the format of

CSV. Query the virus logs based on the query conditions. Level 1 Allows you to delete the virus logs based on the query conditions. Level 2

Level 3/Auditor

Level 2

IPS

Displays the service logs based on the query conditions. Level 1

Service Logs

URL Logs

Device Logs

Log Confi gurat ion

Fast Application Allows you to configure an IPS policy and apply it to a segment. Level 2

Policy Management

Data Logs

Mail Configurat ion

Allows you to delete the queried service logs or export them to a file in the format of CSV.

Displays the URL logs based on the query conditions. Level 1 Allows you to delete the queried URL logs or export them to a file in

the format of CSV. Displays the remote output parameters and local storage control

parameters for system and operation logs. Allows you to set the remote output parameters and local storage

control parameters for system and operation logs. Displays the parameters for data logs, such as log aggregation and

log lifetime. Allows you to set the parameters for data logs, such as log

aggregation and log lifetime. Displays the parameters for sending mails. Level 1 Allows you to set the parameters for sending mails. Level 2

Displays IPS policies and display details of a policy by clicking its name link.

Allows you to use icons or buttons

Delete

and

, , , ,

Activate, Add

Level 2

Level 1

Level 3

Level 1

Level 2

Level 1

Level 2

Default Rule Management

Displays default rules of an IPS policy, allows you to search for an IPS policy by certain criteria and display its default rules, and use rule name links, action set links, and the

1-7

Query

button.

Level 1

Menu item Description User level

Allows you to modify policy name and description, and use icons or

Level 2

User Defined Rule Management

buttons , ,

Rule, Disable Rule

Displays user defined rules of an IPS policy. Level 1 Allows you to configure user defined rules for an IPS policy, and

use icons or buttons ,

Apply, Activate, Modify Action Set, Enable

Reset Rule

, and

Add, Delete

, and

Activate

URL Filter ing

AntiVirus Man age ment

Segment Policy Management

Global Configuration

Policy Management

Rule Management

Displays policy application list and use the links and buttons in the list.

Allows you to use icons or buttons

Delete

. Displays global configuration of URL filtering. Level 1 Allows you to configure global settings of URL filtering, and

activate the configuration. Displays URL filtering policies and the segments where the policies

are applied Allows you to add, modify, and delete URL filtering policy

application, and activate configuration. Displays anti-virus policies and display details of a policy by

clicking its name link.

Allows you to use icons or buttons

Delete

and Displays information about an anti-virus policy, search for a policy

by certain criteria, and use rule name links, action set links, and the

Query

Allows you to modify policy name and description, and use icons or buttons , ,

Rule, Disable Rule

button.

Apply, Activate, Modify Action Set, Enable

Reset Rule

, and

Activate, Add

, ,

, , , ,

, and

Activate, Add

Level 1

Level 2

Level 1

Level 2

Level 1

Level 2

Level 1

Level 2

DDo S

Displays policy application list and use the links and buttons in the

Segment Policy Management

Query Viruses Displays virus list. Level 1

DDoS Policies

Learning Rule

Segment Policy

Detection Rule Displays detection rules of a protected object and use ID links. Level 1

list.

Activate, Add

Allows you to use icons or buttons

Delete

Displays DDoS policies and allows you to display details of a policy by clicking its name link.

Allows you to use icons or buttons

Delete

and Displays information about a DDoS policy, including name,

description and learning rules.. Allows you to modify policy name, description and learning rules,

and use icon Displays policy application list and allows you to use the links and

buttons in the list.

Allows you to use icons or buttons

Delete

Activate

, ,

, , , ,

Activate, Add

, ,

, and

Activate, Add

, and

Level 1

Level 2

Level 1

Level 2

Level 1

Level 2

Level 1

Level 2

1-8

Menu item Description User level

Band width Man age ment

Static Filtering Rule

Dynamic Filtering Rule

Protection Status

Configuration Wizard

Policy Management

Service Management

Allows you to use icons or buttons ,

Selected, Unlock Selected, Enable Selected, Disable Selected

Delete

and Displays static filtering rules applied in a direction on a segment. Level 1

Allows you to use icons or buttons , , ,

Enable Selected, Disable Selected

Displays dynamic filtering rules based on the query conditions. Level 1 Allows you to use buttons

Disable Selected

Displays the protection status and DDoS statistics of a protected project.

Allows you to configure a bandwidth management policy and apply it to a segment.

Displays bandwidth polices and the segments where the policies are applied.

Allows you to add, modify, and delete bandwidth policy applications, and activate the configuration.

Displays service tree and information and matching rules of the selected service.

Allows you to use icons or buttons and

Activate

Activate, Enable Selected

Activate, Save, Add, Lock

Activate, Add

Delete

, and

, ,

, and

Add, Delete, Apply

Level 2

Level 1

Level 2

Level 1

Level 2

Level 1

Level 2

Blac klist

Rep ort

Protocol Management

Blacklist Management

Packet Statistics

Traffic Statistics Reports

Top N

Traffi c Statis tics Repo rts

Reports Traffic

Statistics Report Configura tion

Top N Report Configura tion

Displays protocol tree and information about the selected protocol. Level 1 Allows you to use buttons

Activate

Displays blacklist entries matching the conditions. Level 1

Allows you to use icons or buttons Allows you to collect and display real-time packet distribution

information based on the specified criteria.

Displays traffic statistics reports based on the query conditions. Level 1

Displays top N reports based on the query conditions. Level 1

Allows you to add and delete traffic statistics report parameters. Level 2

Allows you to add and delete top N report parameters. Level 2

Add, Remove, Reset, Apply

Activate, Add

, and

Delete

Level 2

Attac k Repo rts

Attack Reports

Top N Attack Reports

Displays attack reports based on the query conditions. Level 1

Displays top N attack reports based on the query conditions. Level 1

1-9

Menu item Description User level

Virus Repo rts

Virus Reports

Top N Virus Reports

Displays virus reports based on the query conditions. Level 1

Displays top N virus reports based on the query conditions. Level 1

Common Web Interface Elements

Common buttons and icons

Table 1-3 describes the commonly used buttons and icons on the Web interface.

Table 1-3 Common buttons and icons

Button and icon Description

Bring the configuration on the current page into effect or save the configuration into the database.

Select all entries that were not selected, and deselect those that were selected.

Query all entries matching the query criteria.

Activate a configuration in the database, and bring it into effect. Go to the selected page. Applicable to a list displayed on more than one

page. Delete the selected entries. Enter the detailed configuration page of an entry to allow you to view and

modify its parameters. Delete an entry. Copy the configuration of an entry and enter the page for adding a new

entry, Enter the page for managing segment policies. Indicate that the entry is a default one.

Content display by pages

The web interface can display contents by pages, as shown in Figure 1-4. You can set the number of entries that are displayed per page, and use the First, Prev, Next, and Last links to view the contents on the first, previous, next, and last pages, or go to any page that you want to check.

You can also click the column headings—such as Timestamp, Module, Severity, and Log Content —to sort the contents.

1-10

Figure 1-4 Content display by pages

Calendar

To facilitate setting time, the Web interface provides calendar interface. You can click to display the calendar interface for setting time, as shown in

Figure 1-5.

Figure 1-5 Calendar

z To set a time, select year, month, day and hour, and click Apply. z To cancel the time setting, click Clear.

1-11

z To set a time to the system time of the local host, click Today. Note that, for the definition library

update module, today refers to the current system time of the device.

Regular expression help information

To facilitate configuring regular expressions, the Web interface provides help links on the page where you need to configure a regular expression, as shown in the help link to display the help information page, as shown in

Figure 1-6. To view the help information, click

Figure 1-7.

Figure 1-6 Regular expression help link

1-12

Figure 1-7 Regular expression help information

Configuration Guidelines

z The web console supports Windows XP, Windows 2000, Windows Server 2003 Enterp rise Edition,

Windows Server 2003 Standard Edition, Windows Vista, Linux and MAC OS operating systems.

z The web console supports Microsoft Internet Explorer 6.0 SP2 and higher, and Mozilla Firefox

3.0.10 and higher. To ensure that the web console can operate normally, it is recommended to enable Script ActiveX controls marked safe for scripting, Run ActiveX controls and plug-ins, and Active scripting when using Microsoft Internet Explorer, and enable JavaScript when using Mozill a Firefox.

z Some Web pages do not support the Back, Next, Refresh buttons provided by the browser. Using

these buttons may result in abnormal display of these Web pages.

z Because the Windows firewall limits the number of TCP connections, when you use IE to log in to

the Web interface, sometimes you may be unable to open the Web interface. To a void this problem, it is recommended to turn off the Windows firewall before login.

z If the software version of the device changes, when you log in to the device through the Web

interface, you are recommended to delete the temporary Internet files on IE; otherwise, the Web page content may not be displayed correctly.

1-13

2 Device Registration

You can log in to the H3C website for registering a license for your device. The website will generate a license file based on the serial number of the device and the serial number on the software license certificate shipped with the device. Only after you import the license file can you update the signature database and virus definition file to enable the IPS device to defend against new attacks in rea l time.

Device Registration

After logging in to the H3C website at www.h3c.com, select Product & Solutions > Products > Security Products, and then click Signature Database Services at the lower right part of the page to

enter the registration page.

Figure 2-1 Home page of the H3C website

Figure 2-2 Signature database services

2-1

Figure 2-3 Registration page

Table 2-1 shows the detailed device registration configuration items.

Table 2-1 Device registration configuration items

Item Description

Device serial number, which can be obtained from:

z Device chassis z Bar code on the warranty card shipped with the device

Device serial No. (20 digits or letters)

z Web interface: Select System Management > Device Management >

System Info from the navigation tree to display the device serial number.

The device serial number is not the serial number on the software license certificate shipped with the device.

License serial No. (26 digits or letters)

Email Enter your Email address to receive the license file

Obtained from the software license certificate shipped with the device

z A software license certificate can be used by only one device. z The license file generated based on the registration information will be sent to your Email address

within two working days.

z After you received the license file, log in to the web page and select System Management >

Device Management > License from the navigation tree. Then specify the path and file name on the License Import tab and click Import to import the license. For other information, refer to

Device Management.

License File Update

With the initial license file, you can update the signature database and virus definition file for free within one year. After that, you need to purchase a new software licen se certificate and follow the steps above to generate another license file to update the signature database and virus definition file.

2-2

3 Device Management

System Status

System Status Overview

The system status module helps you understand the current status of the system, including the following information:

z Health status: Displays the current health status of the system. It helps you understand the usages

of CPU, memory, hardware image area, and hardware log area; the status of fan and power; the temperatures of CPU and the main board.

z IPS: Displays the statistics of IPS detection. It helps you understand the statistics of IPS attack

logs.

z URL filtering: Displays the statistics of URL filtering. It helps you understand the statistics of URL

logs.

z Anti-Virus: Displays the statistics of anti-virus management. It helps you understand the statistics

of virus logs.

z Logs: It links you to various log pages conveniently.

Viewing System Status

After logging into the Web interface, you can directly enter the page which can also enter by selecting System Management > Device Management > System Status, as shown in

Figure 3-1.

3-1

Figure 3-1 System status page

Select the check box on the top of the above figure, and then the system will automatically refresh the system status page at the specified interval; or you can click Refresh Now to manually refresh the page.

Health status

Table 3-1 describes the fields of health status.

Table 3-1 Health status fields

Field Description

CPU usage

Memory usage

Image Area usage

If the CPU usage exceeds the threshold, is displayed; otherwise, is displayed. If the memory usage exceeds the threshold,

displayed. If the image area usage exceeds the threshold,

displayed.

is displayed; otherwise, is

Log Area usage

Fan status

Power status

If the log area usage exceeds the threshold, displayed.

If any fan fails, and

If any power supply unit (PSU) fails,

Normal

are displayed.

Fault

are displayed; otherwise, and

and

3-2

is displayed; otherwise, is

Normal

Fault

are displayed; otherwise, and

are displayed.

+ 189 hidden pages

H3C SecBlade IPS User Manual

Preface

Audience

Conventions

Command conventions

GUI conventions

Symbols

About the H3C IPS Web-Based Configuration Guide

Organization

Related Documentation

Obtaining Documentation

Technical Support

Documentation Feedback

Table of Contents

1 Web Overview

Overview

Logging In to the Web Interface

Logging Out of the Web Interface

Introduction to Web Users and Levels

Introduction to the Web Interface

Introduction to the Web-Based NM Functions

Common Web Interface Elements

Common buttons and icons

Content display by pages

Calendar

Regular expression help information

Configuration Guidelines

2 Device Registration

Device Registration

License File Update

3 Device Management

System Status

System Status Overview

Viewing System Status

Health status