No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
G, VnG, PSPT,
XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co.,
Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Preface
H3C IPS products are new-generation intrusion prevention devices developed by H3C for enterprise
users, industry users, and Telecom users. They are one of the most crucial products in the intelligent
Safe Pervasive Network (iSPN) of H3C IToIP architecture.
An IPS device can be deployed in the inline mode on the critical path of a network to perform detailed
inspection of Layer 2-7 traffic passing through the p ath, and thus to precisely identify, block, and control
various types of network attacks or flood attacks in real time.
An IPS device can also be connected to a network in the bypass mode. In that case, the IPS device is
similar to the intrusion detection system (IDS) device in functions. It can capture packets by receiving
mirrored traffic and detecting copied packets, and execute security actions indirectly through response
packets, thus protecting the network.
Moreover, IPS devices can provide powerful and realistic bandwidth management and URL filtering
functions.
H3C IPS products involve the complete series of high end-to-low end IPSs, and provide box-type
devices and card-type IPS devices. For more information about IPS models, see H3C IPS Series Products at the H3C website.
This preface includes:
z Audience
z Conventions
z About the H3C IPS Web-Based Configuration Guide
z Obtaining Documentation
z Technical Support
z Documentation Feedback
Audience
This documentation is intended for:
z Network planners
z Field technical support and servicing engineers
z Network administrators working with the H3C IPS products
Conventions
This section describes the conventions used in this documentation set.
Command conventions
Convention Description
Boldface Bold
italic
[ ]
Italic text represents arguments that you replace with actual values.
Square brackets enclose syntax choices (keywords or arguments) that are
optional.
text represents commands and keywords that you enter literally as shown.
Convention Description
{ x | y | ... }
[ x | y | ... ]
{ x | y | ... } *
[ x | y | ... ] *
&<1-n>
# A line that starts with a pound (#) sign is comments.
Braces enclose a set of required syntax choices separated by vertical bars,
from which you select one.
Square brackets enclose a set of optional syntax choices separated by vertical
bars, from which you select one or none.
Asterisk marked braces enclose a set of required syntax choices separated by
vertical bars, from which you select at least one.
Asterisk marked square brackets enclose optional syntax choices separated by
vertical bars, from which you may select multiple choices or none.
The argument or keyword and argument combination before the ampersand (&)
sign can be entered 1 to n times.
GUI conventions
Convention Description
Boldface
>
Window names, button names, field names, and menu items are in Boldface.
For example, the
Multi-level menus are separated by angle brackets. For example,
Folder
>
.
New User
window appears; click OK.
File
>
Create
Symbols
Convention Description
Network topology icons
Convention Description
Means reader be extremely careful. Improper operation may cause bodily
injury.
Means reader be careful. Improper operation may cause data loss or damage to
equipment.
Means an action or information that needs special attention to ensure
successful configuration or good performance.
Means a complementary description.
Means techniques helpful for you to make configuration with ease.
Represents an H3C IPS device.
Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router
that supports Layer 2 forwarding and other Layer 2 features.
About the H3C IPS Web-Based Configuration Guide
Organization
The H3C IPS web-based configuration guide describes the following features:
Feature Description
Describes the Web-based network management (NM) for the IPS.
zLogging in to/out from the web interface
Web overview
Device
management
User
management
System
manage
ment
Network
management
High
availability
Time table
management
Action
management
Log management
IPS
z Introduction to web users and levels
z Introduction to the web interface and web-based NM functions
z Common web interface elements
z Configuration guidelines
Describes basic configurations for IPS management.
z Displaying system status, system information, and system time
z Configuring system monitoring
z Save configuration, manage the configuration file, and restore the factory
defaults
z Upgrading signature database and software versions
z Displaying license information, importing and exporting a license
z Setting the operating mode
z Configuring OAA
z Rebooting system
Describes user management functions for the IPS device.
z Managing user accounts and online users
z Configuring a security policy
Describes network management configurations for the IPS.
zConfiguring management interface parameters, executing a ping operation,
creating a static route, and configuring DNS servers
z Displaying and configuring interface properties
z Creating security zones
z Creating a segment and configuring segment bandwidth control
Describes the high availability features of the IPS.
z Configuring Layer 2 fallback
z Configuring interface status synchronization
Describes the time table configuration for the IPS.
zCreating a time table
Describes action management configurations for the IPS.
z Creating a block, rate limit, or notify action
z Creating an action set
z Uploading packet trace files
Describes log management configurations for the IPS.
zDisplaying, querying, deleting system logs, operation logs, attack logs, and
virus logs
z Querying service logs and URL logs
z Configuring device logs, data logs, and email logs
Describes the attack prevention configurations for the IPS.
z Creating an IPS policy
z Configuring rules for a policy
z Applying an IPS policy to a segment
z Configuring IPS policy shortcut application
Feature Description
Describes URL filtering configurations for the IPS.
URL Filtering
z Configuring URL filtering global parameters
z Creating and applying a URL filtering policy
Describes anti-virus configurations for the IPS.
zCreating an anti-virus policy
Anti-virus
z Configuring rules for a policy
z Applying a policy to a segment
z Querying viruses
Describes DDoS prevention configurations for the IPS.
z Creating a DDoS policy
z Configuring learning rules
z Applying a DDoS policy to a segment
DDoS
z Maintaining a DDoS policy application
z Adding detection rules
z Adding a static filtering rule
z Configuring dynamic filtering rules
z Displaying DDoS statistics
Describes bandwidth management configuration for the IPS.
Bandwidth management
z Configuring protocols and services
z Creating a bandwidth management policy and applying the policy to a segment
Describes blacklist configurations for the IPS.
Blacklist
z Adding a blacklist entry manually
z Querying blacklist entries
Describes report configurations for the IPS.
zDisplaying packet statistics
Report
z Configuring, querying traffic statistics reports and top N reports
z Querying attack reports and top N attack reports
z Querying virus reports and top N virus reports
Acronym Lists the acronyms used in the IPS web-based configuration guide.
Related Documentation
In addition to the H3C IPS web-based configuration guide, you can go to H3C SecBlade IPS Cards
Documentation Navigator to view manuals of the SecBlade series IPS cards for reference.
Obtaining Documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at
http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
upgrading, and software feature configuration and maintenance documentation.
[Products & Solutions] – Provides information about products and technologies, as well as solutions.
[Technical Support & Documents > Software Download] – Provides the documentation released with
the software version.
Technical Support
customer_service@h3c.com
http://www.h3c.com
Documentation Feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
Table of Contents
1 Web Overview............................................................................................................................................1-1
System Status.........................................................................................................................................3-1
System Status Overview .................................................................................................................3-1
Viewing System Status....................................................................................................................3-1
System Information.................................................................................................................................3-5
System Information Overview .........................................................................................................3-5
Viewing System Information............................................................................................................3-5
System Time...........................................................................................................................................3-6
System Time Overview....................................................................................................................3-6
Configuring System Time................................................................................................................3-6
System Monitoring ..................................................................................................................................3-7
System Monitoring Overview...........................................................................................................3-7
Configuring System Monitoring.......................................................................................................3-7
OAA Configuration Example .........................................................................................................3-23
System Reboot......................................................................................................................................3-27
System Reboot Overview..............................................................................................................3-27
Rebooting the system....................................................................................................................3-27
4 User Management......................................................................................................................................4-1
User Management Overview ..................................................................................................................4-1
Configuring User Management...............................................................................................................4-1
System Logs .........................................................................................................................................13-1
System Logs Overview..................................................................................................................13-1
Service Logs .......................................................................................................................................13-16
Querying Top N Virus Reports......................................................................................................23-3
24 Index .......................................................................................................................................................24-1
vi
1 Web Overview
Overview
Hangzhou H3C Technologies Co., Ltd. (hereinafter referred to as H3C) provides the Web-based
network management function for the Intrusion Prevention System (IPS) of H3C to facilitate the
operations and maintenance on the IPS devices. Through this function, the administrator can visually
manage and maintain the IPS devices through the Web-based configuration interfaces.
Figure 1-1 shows a Web-based network management operating system.
The device is provided with the default Web login information .Y ou can use the default information to log
in to the Web interface. The default Web login inform ation is:
z Username: admin
z Password: admin
z IP address of the device: 192.168.1.1
To log in to the device through the Web interface, follow these steps:
Step1 Connect the device and PC
Connect the default management port meth 0/0 of the device to the PC using a crossover Ethernet
cable. For the IPS cards with silkscreen LSWM1IPS10 for S5800 and S5820X series switches, the
default management port is meth 0/0. For other models of IPS cards, the default management port is
meth 0/2.
zIf the IPS device provides two management ports, you can use only one to manage the device at a
time.
zBy default, a management port with the smallest ID is the default management port, and it is
assigned IP address 192.168.1.1/24. To make a management port with a larger ID the default
management port, remove the IP address of the original default management po rt and assign an IP
address to the management port that you want to configure as the default one.
1-1
Step2 Configure an IP address for the PC and ensure that the PC and device can communicate with each
other.
Modify the IP address to one within the network segment 192.168.1.0/24 (except for 192.168.1.1), for
example, 192.168.1.2.
Step3 Launch the IE browser, and input the login information.
On the PC, launch the IE browser, type https://192.168.1.1 in the address bar (the HTTPS service is
enabled by default), and press Enter. You can enter the login page of the Web interface, as shown in
Figure 1-2.
Click Chinese or English on the login page, in put the username (admin) password (admin), and ve rify
code shown on the page, and click Login to enter the Web interfa ce.
Figure 1-2 Login page of the Web interface
zThe PC where you configure the device is not necessarily the Web-based network management
terminal.
zAfter the first-time login, you are recommended to change the default password. For detailed
operation, refer to User Management.
zA verify code will expire in 2 minutes, so you need to use the code within the expiration time. To
obtain a new verify code, click the verify code image.
zUp to 5 users can concurrently log in to the device through the Web interface.
Logging Out of the Web Interface
Click Logout in the upper-right corner of the W eb interface. The system gives a confirmation dialog box ,
on which you can click OK to quit Web-based network management.
1-2
Introduction to Web Users and Levels
Web user levels include Level 0, Level 1, Level 2, Level 3, and auditor. Table 1-1 lists the Web user
levels and corresponding operation rights.
Table 1-1 Web user levels and operation rights
User level Operation right
zUse the network diagnosis tool ping
Level 0 (Visit)
Level 1 (Monitor)
Level 2 (System)
Level 3 (Manage)
Auditor
zView the IP address of the management port, management rights,
static routes, and DNS server information
z Unable to perform configuration
z Have the privileges of Level-0 users
z View all the other configuration information except user information
z View all the other logs excepts operation logs
z Unable to perform configuration
z Unable to monitor packet distribution in real time
z Have the privileges of Level-1 users
z Perform all the other configuration operations except user
z Have the privileges of Level-2 users
z View all configuration information
z View all logs
z Perform all configuration operations
z View/back up/delete operation logs
z Unable to perform other operations except the above ones
This manual assumes that a Level-3 user performs the configuration operations unless otherwise
specified.
Introduction to the Web Interface
The Web interface is composed of three parts: navigation area, title area, and body area, as shown in
Figure 1-3.
1-3
Figure 1-3 Web-based configuration interface
(2)
(1)
(3)
(1) Navigation area (2) Title area (3) Body area
zNavigation area—Organizes the Web-based NM function menus in the form of a navigation tree,
where you can select function menus as needed. The result is displ ayed in the body area.
zTitle area—Displays the path of the current configuration interface in the navigation area; provides
the Logout button to log out of the Web interface.
zBody area—The area where you can configure and display a function.
Introduction to the Web-Based NM Functions
Table 1-2 lists the Web-based NM functions.
Table 1-2 Web-based NM functions
Menu item Description User level
Syst
em
Man
age
ment
Devi
ce
Man
age
ment
System
Status
Displays the current status of system software and hardware.
Allows you to use links or the
block logs, anti-virus block logs, and system logs.
Allows you to use icon for IPS block logs, URL block logs,
anti-virus block logs, and allows you to use icons
system logs.
Allows you to use the link to view operation logs, and use
icons
,, and .
icon to view IPS block logs, URL
and for
Level 1
Level 2
Level 3
System
Informatio
n
System
Time
Displays the current software versions, hardware versions,
versions of signature packages, device serial number, MAC
address of the NM port, and system time.
Displays system date, time, and time zone. Level 1
Allows you to set system time source and time zone. Level 2
1-4
Level 1
Menu item Description User level
Displays system thresholds, including CPU usage threshold,
System
Monitoring
memory usage threshold, hardware usage threshold, CPU
temperature upper and lower limits, and main board temperature
upper and lower limits.
Allows you to set system thresholds, including CPU usage
threshold, memory usage threshold, hardware usage threshold,
CPU temperature upper and lower limits, and main board
temperature upper and lower limits.
Level 1
Level 2
Configurat
ion
Maintenan
ce
Signature
Upgrade
Software
Upgrade
License
Operating
Mode
OAA
Configurat
ion
Allows you to save the current configuration; add, delete, upload,
download, import, and export the configuration file; restore the
factory defaults.
Displays current versions and history versions of signature
packages, and configuration information of signature package auto
upgrade.
Allows you to roll back signature packages to a history version.
Upgrade signature package manually. Enable signature package
auto upgrade and set the upgrade time.
Displays the software versions, upload date, sizes of the version
files, and version status on the device.
Allows you to update and delete a software version, and modify
software version status.
Displays license information, and allows you to import and export
license file.
Displays operating mode configuration information. Level 1
Allows you to set operating mode parameters. Level 2
Displays OAA client configuration information. Level 1
Allows you to configure OAA client and test connectivity between
OAA client and server.
Level 3
Level 1
Level 2
Level 1
Level 3
Level 1
Level 2
User
Man
age
ment
Netw
ork
Man
age
ment
System
Reboot
User
Accounts
Online
Users
Security
Policy
Managem
ent
Interface
Interface
Configurat
ion
Security
Allows you to reboot the device. Level 2
Displays user information, and allow you to add, modify and delete
user accounts.
Displays all users that log in to the Web interface and allow you to
kick out the logged-in users except yourself.
Displays security related information and allow you to configure the
settings including timeout time, password strength, and lock
settings.
Displays the IP address and protocol used by each management
interface, display static routes and DNS server information, and
allow you to perform ping operations.
Allows you to specify the IP address and protocol used by each
management interface, add or delete static routes, and configure
DNS servers.
Displays interface properties, including connection status,
interface status, interface type, transmission rate, and duplex
mode.
Allows you to configure interface properties, such as interface
status, interface type, transmission rate, and duplex mode.
Displays all security zones, name links, and segment links. Level 1
Level 3
Level 3
Level 3
Level 0
Level 2
Level 1
Level 2
1-5
Menu item Description User level
Zone
Allows you to use icons or buttons , ,
perform corresponding functions.
Add
, and
Remove
to
Level 2
Segment
Configurat
ion
Layer 2
High
Avail
abilit
y
Time Table List
Actio
n
Man
age
ment
Fallback
Interface
Status
Synchroni
zation
Action Set
List
Block
Action List
Notify
Action List
Displays all segments, segment links, internal zone links, and
external zone links.
Allows you to control bandwidth for a specific segment by using
Activate, Add Segment, Apply
icons or buttons
Delete
.
Displays the parameters related to Layer 2 fallback. Level 1
Allows you to set the parameters related to Layer 2 fallback. Level 2
Displays the configuration information of interface status
synchronization.
Allows you to set interface status synchronization. Level 2
Displays all the time tables, and use the name links. Level 1
Allows you to use icons or buttons
Delete
.
Displays all the action sets, and use the name links. Level 1
Allows you to use icons or buttons
Displays all the block actions, and use the name links. Level 1
Allows you to use icons or buttons , ,
Delete
.
Displays all the notify actions, and use the name links. Level 1
Allows you to use icons or buttons , ,
Delete
.
, ,
Activate, Add
, ,
Activate, Add
,
Activate, Add
Activate, Add
, and
, and
, and
Delete
, and
, and
.
Level 1
Level 2
Level 1
Level 2
Level 2
Level 2
Level 2
Log
Man
age
ment
Syst
em
Logs
Oper
ation
Logs
Packet
Trace File
Upload
Recent
Logs
Query
Logs
Delete
Logs
Back Up
Logs
Recent
Logs
Query
Logs
Delete
Logs
Displays the parameters for uploading packet trace files. Level 1
Allows you to configure the parameters for uploading packet trace
files.
Displays the recent 25 system logs of the day. Level 1
Allows you to export the system logs of the day to a file in the
format of CSV.
Displays the system logs based on the query conditions. Level 1
Allows you to export the queried system logs to a file in the format
of CSV.
Displays system log file list. Level 1
Allows you to delete system log files. Level 2
Displays all system log files, open and export the specified system
log files to a file in the format of CSV.
Displays the recent 25 operation logs of the day, and export the
operation logs of the day to a file in the format of CSV.
Displays the operation logs based on the query conditions, and
export the queried operation logs to a file in the format of CSV.
Displays the system log file list and delete the operation log files.
Level 2
Level 2
Level 2
Level 2
Level
3/Auditor
Level
3/Auditor
Level
3/Auditor
1-6
Menu item Description User level
Attac
k
Logs
Virus
Logs
Back Up
Logs
Recent
Logs
Query
Logs
Delete
Logs
Recent
Logs
Query
Logs
Delete
Logs
Displays all operation log files, open and export the specified
operation log files to a file in the format of CSV.
Displays the recent 25 IPS block or alert logs of the day. Level 1
Allows you to export the attack logs of the day to a file in the format
of CSV.
Displays the attack logs based on the query conditions. Level 1
Allows you to export the queried attack logs to a file in the format of
CSV.
Query the attack logs based on the query conditions. Level 1
Allows you to delete the attack logs based on the query conditions. Level 2
Displays the recent 25 virus block or alert logs of the day. Level 1
Allows you to export the virus logs of the day to a file in the format
of CSV.
Displays the virus logs based on the query conditions. Level 1
Allows you to export the queried virus logs to a file in the format of
CSV.
Query the virus logs based on the query conditions. Level 1
Allows you to delete the virus logs based on the query conditions. Level 2
Level
3/Auditor
Level 2
Level 2
Level 2
Level 2
IPS
Displays the service logs based on the query conditions. Level 1
Service Logs
URL Logs
Device
Logs
Log
Confi
gurat
ion
Fast Application Allows you to configure an IPS policy and apply it to a segment. Level 2
Policy
Management
Data Logs
Mail
Configurat
ion
Allows you to delete the queried service logs or export them to a
file in the format of CSV.
Displays the URL logs based on the query conditions. Level 1
Allows you to delete the queried URL logs or export them to a file in
the format of CSV.
Displays the remote output parameters and local storage control
parameters for system and operation logs.
Allows you to set the remote output parameters and local storage
control parameters for system and operation logs.
Displays the parameters for data logs, such as log aggregation and
log lifetime.
Allows you to set the parameters for data logs, such as log
aggregation and log lifetime.
Displays the parameters for sending mails. Level 1
Allows you to set the parameters for sending mails. Level 2
Displays IPS policies and display details of a policy by clicking its
name link.
Allows you to use icons or buttons
Delete
and
.
, , , ,
Activate, Add
,
Level 2
Level 2
Level 1
Level 3
Level 1
Level 2
Level 1
Level 2
Default Rule
Management
Displays default rules of an IPS policy, allows you to search for an
IPS policy by certain criteria and display its default rules, and use
rule name links, action set links, and the
1-7
Query
button.
Level 1
Menu item Description User level
Allows you to modify policy name and description, and use icons or
Level 2
Level 2
User Defined Rule
Management
buttons , ,
Rule, Disable Rule
Displays user defined rules of an IPS policy. Level 1
Allows you to configure user defined rules for an IPS policy, and
use icons or buttons ,
Apply, Activate, Modify Action Set, Enable
Reset Rule
, and
Add, Delete
.
, and
Activate
.
URL
Filter
ing
AntiVirus
Man
age
ment
Segment Policy
Management
Global
Configuration
Policy
Management
Policy
Management
Rule Management
Displays policy application list and use the links and buttons in the
list.
Allows you to use icons or buttons
Delete
.
Displays global configuration of URL filtering. Level 1
Allows you to configure global settings of URL filtering, and
activate the configuration.
Displays URL filtering policies and the segments where the policies
are applied
Allows you to add, modify, and delete URL filtering policy
application, and activate configuration.
Displays anti-virus policies and display details of a policy by
clicking its name link.
Allows you to use icons or buttons
Delete
and
Displays information about an anti-virus policy, search for a policy
by certain criteria, and use rule name links, action set links, and the
Query
Allows you to modify policy name and description, and use icons or
buttons , ,
Rule, Disable Rule
.
button.
Apply, Activate, Modify Action Set, Enable
Reset Rule
, and
Activate, Add
, ,
, , , ,
.
, and
Activate, Add
,
Level 1
Level 2
Level 2
Level 1
Level 2
Level 1
Level 2
Level 1
Level 2
DDo
S
Displays policy application list and use the links and buttons in the
Segment Policy
Management
Query Viruses Displays virus list. Level 1
DDoS Policies
Learning Rule
Segment Policy
Detection Rule Displays detection rules of a protected object and use ID links. Level 1
list.
Activate, Add
Allows you to use icons or buttons
Delete
.
Displays DDoS policies and allows you to display details of a policy
by clicking its name link.
Allows you to use icons or buttons
Delete
and
Displays information about a DDoS policy, including name,
description and learning rules..
Allows you to modify policy name, description and learning rules,
and use icon
Displays policy application list and allows you to use the links and
and
Displays static filtering rules applied in a direction on a segment. Level 1
Allows you to use icons or buttons , , ,
Enable Selected, Disable Selected
Displays dynamic filtering rules based on the query conditions. Level 1
Allows you to use buttons
Disable Selected
Displays the protection status and DDoS statistics of a protected
project.
Allows you to configure a bandwidth management policy and apply
it to a segment.
Displays bandwidth polices and the segments where the policies
are applied.
Allows you to add, modify, and delete bandwidth policy
applications, and activate the configuration.
Displays service tree and information and matching rules of the
selected service.
Allows you to use icons or buttons
and
Activate
.
Activate, Enable Selected
.
.
Activate, Save, Add, Lock
Activate, Add
Delete
, and
, ,
.
, and
Add, Delete, Apply
Level 2
,
,
Level 2
Level 2
Level 1
Level 2
Level 1
Level 2
Level 1
,
Level 2
Blac
klist
Rep
ort
Protocol
Management
Blacklist
Management
Packet Statistics
Traffic
Statistics
Reports
Top N
Traffi
c
Statis
tics
Repo
rts
Reports
Traffic
Statistics
Report
Configura
tion
Top N
Report
Configura
tion
Displays protocol tree and information about the selected protocol. Level 1
Allows you to use buttons
Activate
Displays blacklist entries matching the conditions. Level 1
Allows you to use icons or buttons
Allows you to collect and display real-time packet distribution
information based on the specified criteria.
Displays traffic statistics reports based on the query conditions. Level 1
Displays top N reports based on the query conditions. Level 1
Allows you to add and delete traffic statistics report parameters. Level 2
Allows you to add and delete top N report parameters. Level 2
.
Add, Remove, Reset, Apply
Activate, Add
,
, and
, and
Delete
.
Level 2
Level 2
Level 2
Attac
k
Repo
rts
Attack
Reports
Top N
Attack
Reports
Displays attack reports based on the query conditions. Level 1
Displays top N attack reports based on the query conditions. Level 1
1-9
Menu item Description User level
Virus
Repo
rts
Virus
Reports
Top N
Virus
Reports
Displays virus reports based on the query conditions. Level 1
Displays top N virus reports based on the query conditions. Level 1
Common Web Interface Elements
Common buttons and icons
Table 1-3 describes the commonly used buttons and icons on the Web interface.
Table 1-3 Common buttons and icons
Button and icon Description
Bring the configuration on the current page into effect or save the
configuration into the database.
Select all entries that were not selected, and deselect those that were
selected.
Query all entries matching the query criteria.
Activate a configuration in the database, and bring it into effect.
Go to the selected page. Applicable to a list displayed on more than one
page.
Delete the selected entries.
Enter the detailed configuration page of an entry to allow you to view and
modify its parameters.
Delete an entry.
Copy the configuration of an entry and enter the page for adding a new
entry,
Enter the page for managing segment policies.
Indicate that the entry is a default one.
Content display by pages
The web interface can display contents by pages, as shown in Figure 1-4. You can set the number of
entries that are displayed per page, and use the First, Prev, Next, and Last links to view the contents
on the first, previous, next, and last pages, or go to any page that you want to check.
You can also click the column headings—such as Timestamp, Module, Severity, and Log Content—to sort the contents.
1-10
Figure 1-4 Content display by pages
Calendar
To facilitate setting time, the Web interface provides calendar interface. You can click to display the
calendar interface for setting time, as shown in
Figure 1-5.
Figure 1-5 Calendar
z To set a time, select year, month, day and hour, and click Apply.
z To cancel the time setting, click Clear.
1-11
zTo set a time to the system time of the local host, click Today. Note that, for the definition library
update module, today refers to the current system time of the device.
Regular expression help information
To facilitate configuring regular expressions, the Web interface provides help links on the page where
you need to configure a regular expression, as shown in
the help link to display the help information page, as shown in
Figure 1-6. To view the help information, click
Figure 1-7.
Figure 1-6 Regular expression help link
1-12
Figure 1-7 Regular expression help information
Configuration Guidelines
zThe web console supports Windows XP, Windows 2000, Windows Server 2003 Enterp rise Edition,
Windows Server 2003 Standard Edition, Windows Vista, Linux and MAC OS operating systems.
zThe web console supports Microsoft Internet Explorer 6.0 SP2 and higher, and Mozilla Firefox
3.0.10 and higher. To ensure that the web console can operate normally, it is recommended to
enable Script ActiveX controls marked safe for scripting, Run ActiveX controls and plug-ins, and
Active scripting when using Microsoft Internet Explorer, and enable JavaScript when using Mozill a
Firefox.
zSome Web pages do not support the Back, Next, Refresh buttons provided by the browser. Using
these buttons may result in abnormal display of these Web pages.
zBecause the Windows firewall limits the number of TCP connections, when you use IE to log in to
the Web interface, sometimes you may be unable to open the Web interface. To a void this problem,
it is recommended to turn off the Windows firewall before login.
zIf the software version of the device changes, when you log in to the device through the Web
interface, you are recommended to delete the temporary Internet files on IE; otherwise, the Web
page content may not be displayed correctly.
1-13
2 Device Registration
You can log in to the H3C website for registering a license for your device. The website will generate a
license file based on the serial number of the device and the serial number on the software license
certificate shipped with the device. Only after you import the license file can you update the signature
database and virus definition file to enable the IPS device to defend against new attacks in rea l time.
Device Registration
After logging in to the H3C website at www.h3c.com, select Product & Solutions > Products >
Security Products, and then click Signature Database Services at the lower right part of the page to
enter the registration page.
Figure 2-1 Home page of the H3C website
Figure 2-2 Signature database services
2-1
Figure 2-3 Registration page
Table 2-1 shows the detailed device registration configuration items.
Table 2-1 Device registration configuration items
Item Description
Device serial number, which can be obtained from:
z Device chassis
z Bar code on the warranty card shipped with the device
Device serial No.
(20 digits or letters)
zWeb interface: Select System Management > Device Management >
System Info from the navigation tree to display the device serial number.
The device serial number is not the serial number on the software license
certificate shipped with the device.
License serial No.
(26 digits or letters)
Email Enter your Email address to receive the license file
Obtained from the software license certificate shipped with the device
z A software license certificate can be used by only one device.
z The license file generated based on the registration information will be sent to your Email address
within two working days.
zAfter you received the license file, log in to the web page and select System Management >
Device Management > License from the navigation tree. Then specify the path and file name on the License Import tab and click Import to import the license. For other information, refer to
Device Management.
License File Update
With the initial license file, you can update the signature database and virus definition file for free within
one year. After that, you need to purchase a new software licen se certificate and follow the steps above
to generate another license file to update the signature database and virus definition file.
2-2
3 Device Management
System Status
System Status Overview
The system status module helps you understand the current status of the system, including the
following information:
zHealth status: Displays the current health status of the system. It helps you understand the usages
of CPU, memory, hardware image area, and hardware log area; the status of fan and power; the
temperatures of CPU and the main board.
zIPS: Displays the statistics of IPS detection. It helps you understand the statistics of IPS attack
logs.
zURL filtering: Displays the statistics of URL filtering. It helps you understand the statistics of URL
logs.
zAnti-Virus: Displays the statistics of anti-virus management. It helps you understand the statistics
of virus logs.
zLogs: It links you to various log pages conveniently.
Viewing System Status
After logging into the Web interface, you can directly enter the page which can also enter by selecting
System Management > Device Management > System Status, as shown in
Figure 3-1.
3-1
Figure 3-1 System status page
Select the check box on the top of the above figure, and then the system will automatically refresh the
system status page at the specified interval; or you can click Refresh Now to manually refresh the
page.
Health status
Table 3-1 describes the fields of health status.
Table 3-1 Health status fields
Field Description
CPU usage
Memory usage
Image Area usage
If the CPU usage exceeds the threshold, is displayed; otherwise, is displayed.
If the memory usage exceeds the threshold,
displayed.
If the image area usage exceeds the threshold,
displayed.
is displayed; otherwise, is
is displayed; otherwise, is
Log Area usage
Fan status
Power status
If the log area usage exceeds the threshold,
displayed.
If any fan fails, and
If any power supply unit (PSU) fails,
Normal
are displayed.
Fault
are displayed; otherwise, and
and
3-2
is displayed; otherwise, is
Normal
Fault
are displayed; otherwise, and
are displayed.
Loading...
+ 189 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.