H3C SecCenter IPS Manager User Manual

Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com
Document version: 5PW101-20110130
H3C SecCenter IPS Manager
Configuration Guide
Copyright © 2009-2011, Hangzhou H3C Technologies Co., Ltd. and its licensors
All rights reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, Aolynk, H3Care, TOP G, IRF, NetPilot, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Preface

The H3C SecCenter IPS Manager Configuration Guide describes installation and uninstallation, system management, IPS management, a configuration example, and so on.
This preface includes:
Audience
Conventions
Obtaining documentation
Technical support
Documentation feedback

Audience
This documentation is intended for:
Network planners
Field technical support and servicing engineers
Network administrators working with the SecCenter IPS Manager
Conventions

This section describes the conventions used in this documentation set.

GUI conventions

Convention: Description
Boldface: Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK.
>: Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

Symbols

Convention: Description
WARNING: An alert that calls attention to important information that if not understood or followed can result in personal injury.
CAUTION: An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.
IMPORTANT: An alert that calls attention to essential information.
NOTE: An alert that contains additional or supplementary information.
TIP: An alert that provides helpful information.

Network topology icons

Represents a generic network device, such as a router, switch, or firewall.
Represents a routing-capable device, such as a router or Layer 3 switch.
Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

Obtaining documentation

You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com.
Click the links on the top navigation bar to obtain different categories of product documentation:
[Technical Support & Documents > Technical Documents] – Provides hardware installation, software upgrading, and software feature configuration and maintenance documentation.
[Products & Solutions] – Provides information about products and technologies, as well as solutions.
[Technical Support & Documents > Software Download] – Provides the documentation released with the software version.

Technical support

customer_service@h3c.com
http://www.h3c.com

Documentation feedback

You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.

Contents

Overview
  Introduction to H3C SecCenter IPS Manager
  What H3C SecCenter IPS Manager can do
Installation and uninstallation
  Installing the IPS Manager
  Registering the IPS Manager
  Uninstalling the IPS Manager
System management
  Device management
    Managing device groups
    Managing device access templates
    Managing devices
    Managing events
    Configuring device interface alarming
  Operator management
    Managing operators
    Managing operation logs
    Changing your login password
  System configuration
    Configuring service parameters
    Configuring management ports
    Configuring the mail server
    Configuring SMS alarming
    Managing filters
    Monitoring the disk space
    Managing subsystems
IPS management
  Overview
  IPS device management
    Managing IPS devices
    Managing signature files
    Displaying device statistics
  Realtime monitoring
    Displaying event snapshots
    Displaying attack/virus/DDoS snapshot list
    Monitoring IPS devices
  Event analysis
    Displaying attack/virus/DDoS attack event analysis reports
    Displaying attack event details
    Displaying virus event details
    Displaying DDoS event details
    Configuring the alarming function
    Managing report export tasks
  Policy management
    Configuring attack protection policies
    Configuring anti-virus policies
    Configuring policy applications
    Displaying attack signatures
    Displaying virus category list
    Configuring custom events
    Importing and exporting policies
Configuration example
  Network requirements
  Adding IPS devices to the IPS Manager
Index

Overview

Introduction to H3C SecCenter IPS Manager

H3C SecCenter Intrusion Prevention System (IPS) Manager is a powerful system for comprehensive analysis and centralized management of IPS devices. It is an important component of the H3C Security Management Center (SecCenter).
The IPS Manager allows you to manage and control all H3C IPS devices in your network. It features great scalability, visual realtime event monitoring, comprehensive security event analysis such as attack, DDoS attack, and virus event analysis, and rich reports, enabling you to learn the network security status at any time. Together with IPS devices, the IPS Manager provides you with visual, all-around, powerful network security protection.

What H3C SecCenter IPS Manager can do

As a powerful, efficient IPS device management system, the IPS Manager allows for centralized management of IPS devices, centralized collection and analysis of security events, and rich security event statistics reports. From these all-around reports, you can easily learn the historical security status as well as the security trends of the network.
The IPS Manager presents the following key features:
Visual realtime monitoring, helping you detect network attacks in time.
Comprehensive analysis and rich statistics reports, reducing your analysis time.
Fine log auditing, allowing you to track events easily.
Realtime attack/virus event monitoring, helping you discover security problems in time.
Centralized, periodic report exporting, releasing you from manual export of reports.
Centralized configuration of security policies, facilitating security rule configuration, management, and deployment.
Centralized upgrade of signature files and license management, ensuring identification of new attack behaviors.
Friendly and easy-to-use interface, allowing easy deployment.

Installation and uninstallation

Installing the IPS Manager

The software and hardware requirements of the IPS Manager are as follows:
Hardware: P4 2.0 CPU or above, 1.5G memory or more, 80G disk or more.
Operating system: Windows 2003 Server (recommended) or Windows XP, installed with the up-to-date patches.
Browser: IE 6.0 or above
To install H3C SecCenter IPS Manager, you only need to run the executable file install.exe, which is under the installation directory, and proceed as prompted.
CAUTION:
After finishing installation, you must restart the operating system.

Registering the IPS Manager

In the address bar of the browser, enter http://localhost/ to open the login page. The default login username and password are admin and admin1 respectively.
NOTE:
The last character of the password is digit 1.
When you log in to the IPS Manager for the first time, you will see the license information page and the message “You haven’t registered. Please register to use the system normally.” To register the IPS Manager, follow these steps:
1. From the navigation tree, select License Application under License Management to enter the user information page, as shown in Figure 1.
Figure 1 Input user information
2. Type your information as required and click Apply. The following page appears, as shown in Figure 2.
Figure 2 Download the host information
3. Click Download to download the host information file, and save it to a file.
4. Visit the website at www.h3c.com, choose Technical Support & Documents > Product Licensing. Register your product, and obtain an activation file (also called license file) with the suffix lic.
5. From the navigation tree, select License Registration under License Management to enter the license registration page, as shown in Figure 3. Select the license file, and then click Apply.
Figure 3 Register your license
After the acknowledgment page appears, you can use the IPS Manager to configure devices and perform other operations.
CAUTION:
H3C SecCenter IPS Manager is shipped with a trial license file named SecCenter IPS Manager Evaluation License.lic. The license is effective within one month. Before you get a formal license, you can register the trial license.

Uninstalling the IPS Manager

To uninstall H3C SecCenter IPS Manager, follow these steps:
1. On the Windows desktop, click Start and select Programs > SecCenter > Uninstall SecCenter to enter the page shown in Figure 4. In this example, the IPS manager is installed under C:\Program Files.
Figure 4 Uninstall the IPS Manager
2. Click Uninstall. After the uninstallation completes, click Done.
3. Restart the operating system.
4. Remove all files and subdirectories under the SecCenter installation directory (C:\Program Files\SecCenter in this example) and the installation directory itself, if any.
CAUTION:
During the uninstallation process, no system data backup operation is performed and all data will also be removed.

System management

The system management component of the IPS Manager is mainly used to configure IPS devices to be managed by the H3C SecCenter.
To access the system management component, select the System Management tab. Then, you can perform the following tasks:

Device management
Operator management
System configuration
License management (see "Registering the IPS Manager")

Device management

Managing device groups

The device group management function allows you to add, modify, and delete device groups. When you add devices later, you can add devices to device groups so that you can manage and collect statistics on users, devices, and IP addresses by device group.
Configuration guide
From the navigation tree of the system management component, select Device Group List under Device Management. The device group management page appears, as shown in Figure 5. Table 1 describes the device group management functions.
Figure 5 Device group management page
Table 1 Device group management functions
Function: Description
Device group list: Allows you to view details about device groups, and modify and delete device groups.
Adding a device group: Allows you to add a device group and configure the device group name and description.
Device group list
From the navigation tree of the system management component, select Device Group List under Device Management. The device group management page appears, displaying details about all device groups, as shown in Figure 5. Table 2 describes the fields of the device group list.
Table 2 Fields of the device group list
Field: Description
Device Group Name: Name for the device group
Description: Description of the device group
Operation: Click the icon of a device group to modify the device group. Click the icon of a device group to delete the device group.
Return to Device group management functions.
Adding a device group
1. From the navigation tree of the system management component, select Device Group List under Device Management.
2. Click Add to enter the page for adding a device group, as shown in Figure 6.
3. Configure the settings. Table 3 describes the device group configuration items.
4. Click Apply.
Figure 6 Add a device group
Table 3 Device group configuration items
Item: Description
Device Group Name: Required. Type the name for the device group. The device group name can comprise up to 100 characters and must not contain these characters: ”<>’&%:;/
Description: Optional. Type a description for the device group. The description can comprise up to 100 characters.
Return to Device group management functions.

Managing device access templates

The device access template management function allows you to configure information such as the device login password.
Configuration guide
From the navigation tree of the system management component, select Access Template List under Device Management. The access template management page appears, as shown in Figure 7. Table 4 describes the template management functions.
Figure 7 Access template management page
Table 4 Template management functions
Function: Description
Template list: Allows you to view details about access templates, and modify and delete templates.
Adding a template: Allows you to add templates.
Template list
From the navigation tree of the system management component, select Access Template List under Device Management. The access template management page appears, as shown in Figure 7. Details of all access templates are displayed. Table 5 describes the fields of the template list.
Table 5 Fields of the template list
Field: Description
Template: Name of the template
Version No.: Version of the template
Web Username: Username for managing the device through web
Web Port: Port of the device providing web access service
Web Password: Password for managing the device through web, displayed as a string of asterisks (*)
Telnet Username: Username for telneting to the device
Telnet Password: Password for telneting to the device, displayed as a string of asterisks (*)
Operation: Click the icon of a template to modify the template. Click the icon of a template to delete the template.
Return to Template management functions.
Adding a template
1. From the navigation tree of the system management component, select Access Template List under Device Management.
2. Click Add to enter the page for adding a template, as shown in Figure 8.
3. Configure the settings. Table 6 describes the template configuration items.
4. Click Apply.
Figure 8 Add a template
Table 6 Template configuration items
Item: Description
Template Name: Required. Type a name for the template. The template name can comprise up to 20 characters and must not contain these characters: ”<>’&%:;/
Web Username: Required. Specify the username for managing the device through web. The username can comprise up to 20 characters.
Web Password: Required. Specify the password for managing the device through web. IMPORTANT: The strength of the password must meet the password strength requirements of the device.
Web Port: Required. Specify the port of the device providing web access service. Port 80 is the default.
Telnet Username: Optional. Specify the username for telneting to the device. The username can comprise up to 20 characters.
Telnet Password: Optional. Specify the password for telneting to the device. IMPORTANT: The strength of the password must meet the password strength requirements of the device.
SNMP Version: Required. Select an SNMP version from the dropdown list. The options include SNMPv1, SNMPv2C, and SNMPv3.
Community String for Reading: Required when the SNMP version is SNMPv1 or SNMPv2C. Specify the SNMP read community string to be used for communication with the device. The string can comprise up to 20 characters.
Community String for Writing: Required when the SNMP version is SNMPv1 or SNMPv2C. Specify the SNMP write community string to be used for communication with the device. The string can comprise up to 20 characters.
Authentication Username: Required when SNMP version is SNMPv3. Type the username for authentication.
Authentication Protocol: Required when SNMP version is SNMPv3. Select a protocol for authentication.
Return to Template management functions.

Managing devices

On the device list, you can add and remove IPS devices, and perform operations on the devices, such as Telnet access, login, and properties modification.
Configuration guide
From the navigation tree, select Device List under Device Management. The device management page appears, as shown in Figure 9. All devices are displayed on the list. Table 7 describes the device management functions provided on the device management page.
Figure 9 Device management page
Table 7 Device management functions
Function: Description
Device list: Allows you to view details about devices, modify the access parameters, export the configurations of devices, and access the devices through web or Telnet.
Adding a device: Allows you to add devices to be managed.
Deleting devices: Allows you to delete devices from the list of managed devices. Follow these steps:
1. Select the check boxes before the devices to be deleted.
2. Click Delete.
Refreshing device information: Allows you to obtain the up-to-date device information.
Device list
From the navigation tree of the system management component, select Device List under Device Management. The device management page appears, as shown in Figure 9. Table 8 describes the device query option in the query section and Table 9 describes the fields of the device list.
Table 8 Device query option
Option: Description
Device Group: Select a device group to list all devices in the device group.
Table 9 Fields of the device list
Field: Description
Running Status: Status of the device. You can click the link to view the event list of the device. For more information, see “Managing events.”
Device Label: Name and IP address of the device. You can click the link to view the details of the device and modify the relevant information.
Device Group: Device group to which the device belongs
Device Model: Model of the device
IP Address: IP address of the device
Operation: Click the icon of a device to open the web console of the device. Click the icon of a device to telnet to the device. Click the icon of a device to import the IPS attack signatures for the device, and click the icon to import the IPS virus signatures, so that the IPS attack/virus signatures of the device in the SecCenter are the same as those of the IPS device. Generally, this operation is required whenever an IPS attack/virus signature upgrade is performed on the IPS device.
Return to Device management functions.
Adding a device
After completing device group and template configuration, you can add devices to be managed. Only after you add devices successfully can you perform centralized analysis on attack, virus, and DDoS events.
1. From the navigation tree of the system management component, select Device List under Device Management to enter the device management page.
2. Click Add to enter the page for adding a device, as shown in Figure 10.
3. Configure the settings. Table 10 describes the device configuration items.
4. Click Add.
Figure 10 Add a device
Table 10 Device configuration items
Item: Description
Host Name/IP: Required. Type the name or IP address of the device to uniquely identify the device in the SecCenter system.
Device Label: Required. Type a label for the device, which can be used as an alias of the device. The device label can comprise up to 20 characters and must not contain illegal characters.
Device Group: Required. Select a device group for the device. By default, the device group named default is selected.
Time Calibration: Required. Specify the time zone.
Select access template / Specify access parameters: Required. Select either of them. If you select Select access template, select a template from the dropdown list. By default, the template named default is selected. If you select Specify access parameters, specify the access parameters.
Web Username: Required. Specify the username for managing the device through web. The username can comprise up to 20 characters and must not contain illegal characters.
Web Password: Required. Specify the password for managing the device through web. IMPORTANT: The strength of the password must meet the password strength requirements of the device.
Web Port: Required. Specify the port of the device that provides web access service. The port number must be an integer in the range from 1 to 65534.
Telnet Username: Optional. Specify the username for telneting to the device. The username can comprise up to 20 characters and must not contain illegal characters.
Telnet Password: Optional. Specify the password for telneting to the device. IMPORTANT: The strength of the password must meet the password strength requirements of the device.
SNMP Version: Required. Select a version, which can be SNMPv1, SNMPv2C, or SNMPv3.
Community String For Reading: Required when the SNMP version is SNMPv1 or SNMPv2C. Specify the SNMP read community string to be used for communication with the device. The string can comprise up to 20 characters.
Community String For Writing: Required when the SNMP version is SNMPv1 or SNMPv2C. Specify the SNMP write community string to be used for communication with the device. The string can comprise up to 20 characters.
Authentication Username: Required when SNMP version is SNMPv3. Type the username for authentication.
Authentication Protocol: Required when SNMP version is SNMPv3. Select a protocol for authentication.
Multi-Card Device: Optional. Type the IP addresses of interface cards that are on the IPS device. The IP address must be in dotted decimal notation.
Return to Device management functions.
Device information
From the navigation tree of the system management component, select Device List under Device Management to enter the device management page. Then, you can click the device label link of a device to display the details of the device and modify the information of the device, as shown in Figure 11.
Figure 11 Device information
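The field limits in Table 6 and Table 10 can be checked before access parameters are typed into the GUI. The following Python script is an added example, not H3C code: the AccessTemplate record, its field names and the sample values are constructed for illustration, and the lint() warnings (Telnet, SNMPv1/v2C, well-known community strings, password reuse) are hygiene checks added here rather than rules stated in this guide.

```python
"""Added example (not H3C code): pre-flight check of access parameters
against the limits stated in Table 6 and Table 10 of this guide."""
from dataclasses import dataclass
from typing import Dict, List

# Characters the guide forbids in template names. The guide prints the quotes
# as curly; accepting the straight forms as well is an assumption.
FORBIDDEN_NAME_CHARS = set("\"'<>&%:;/\u201d\u2019")
SNMP_VERSIONS = ("SNMPv1", "SNMPv2C", "SNMPv3")
WELL_KNOWN_COMMUNITIES = {"public", "private"}  # widely used default strings


@dataclass
class AccessTemplate:
    """Hypothetical record; the field names mirror the rows of Table 6."""
    name: str
    web_username: str
    web_password: str
    web_port: int = 80          # Table 6: port 80 is the default
    telnet_username: str = ""   # optional
    telnet_password: str = ""   # optional
    snmp_version: str = "SNMPv3"
    read_community: str = ""
    write_community: str = ""
    auth_username: str = ""
    auth_protocol: str = ""


def validate(t: AccessTemplate) -> List[str]:
    """Return violations of the constraints the guide states."""
    errors = []
    if not t.name:
        errors.append("name: required")
    elif len(t.name) > 20:
        errors.append("name: longer than 20 characters")
    bad = sorted(set(t.name) & FORBIDDEN_NAME_CHARS)
    if bad:
        errors.append("name: forbidden character(s) " + " ".join(bad))
    for label, value, required in (("web_username", t.web_username, True),
                                   ("telnet_username", t.telnet_username, False)):
        if required and not value:
            errors.append(f"{label}: required")
        elif len(value) > 20:
            errors.append(f"{label}: longer than 20 characters")
    if not t.web_password:
        errors.append("web_password: required")
    if not isinstance(t.web_port, int) or not 1 <= t.web_port <= 65534:
        errors.append("web_port: must be an integer from 1 to 65534")
    if t.snmp_version not in SNMP_VERSIONS:
        errors.append("snmp_version: must be SNMPv1, SNMPv2C or SNMPv3")
    elif t.snmp_version == "SNMPv3":
        if not t.auth_username:
            errors.append("auth_username: required for SNMPv3")
        if not t.auth_protocol:
            errors.append("auth_protocol: required for SNMPv3")
    else:
        for label, value in (("read_community", t.read_community),
                             ("write_community", t.write_community)):
            if not value:
                errors.append(f"{label}: required for {t.snmp_version}")
            elif len(value) > 20:
                errors.append(f"{label}: longer than 20 characters")
    return errors


def lint(t: AccessTemplate) -> List[str]:
    """Return hygiene warnings (added checks, not rules from the guide)."""
    warnings = []
    if t.telnet_username or t.telnet_password:
        warnings.append("telnet: credentials cross the network unencrypted")
    if t.snmp_version in ("SNMPv1", "SNMPv2C"):
        warnings.append("snmp: community strings are sent in cleartext")
        for label, value in (("read_community", t.read_community),
                             ("write_community", t.write_community)):
            if value.lower() in WELL_KNOWN_COMMUNITIES:
                warnings.append(f"{label}: well-known community string")
    if t.web_password and t.web_password == t.telnet_password:
        warnings.append("password: same value used for web and Telnet")
    return warnings


def audit(templates: List[AccessTemplate]) -> Dict[str, dict]:
    """Map each template name to its errors and warnings."""
    return {t.name: {"errors": validate(t), "warnings": lint(t)}
            for t in templates}


# Constructed sample records (all values are made up for this example).
LEGACY = AccessTemplate(
    name="branch:ips", web_username="admin", web_password="Example-Pass1",
    telnet_username="admin", telnet_password="Example-Pass1",
    snmp_version="SNMPv2C", read_community="public", write_community="private")
HARDENED = AccessTemplate(
    name="core-ips", web_username="ipsmgr", web_password="Constructed-Pw-01",
    web_port=8443, auth_username="ipsmgr-snmp",
    auth_protocol="SHA")  # constructed value; the guide lists no protocol options
BAD_PORT = AccessTemplate(
    name="edge-ips", web_username="ipsmgr", web_password="Constructed-Pw-02",
    web_port=65535, auth_username="ipsmgr-snmp", auth_protocol="SHA")

if __name__ == "__main__":
    for name, result in audit([LEGACY, HARDENED, BAD_PORT]).items():
        print(name, result)
```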

Managing events

The event management function records the operations on managed devices and logs the events, allowing you to track the status of devices.
Configuration guide
From the navigation tree of the system management component, select Events under Device Management. The event management page appears, as shown in Figure 12. Table 11 describes the event management functions.
Figure 12 Event management page
Table 11 Event management functions
Function: Description
Device event list: Displays detailed information of the device events.
Device interface event list: Displays detailed information of the device interface events.
Deleting events: Allows you to delete events from the event list. Follow these steps:
1. Select the check boxes before events.
2. Click Delete to delete the events.
Device event list
Table 12 describes the event query options. You can use any combination of the options to query for the events of interest.
Table 12 Event query options
Option: Description
Time: Select the time period during which the events occurred. By default, the value of this option is --, which means any time.
Device IP: Type the IP address of the device.
Severity: Select the severity level of the events. Severity levels in descending order are critical, major, minor, and warning. By default, the value of this option is --, which means all levels.
Table 13 describes the fields of the event list.
Table 13 Fields of the event list
Field: Description
Severity: Severity level of the event
Source: Label and IP address of the device that is the source of the event
Description: Description of the event
Time: Time when the event occurred
Device interface event list
On the device interface event management page, you can set the query conditions to query specific interface events, view interface event information, and delete the selected interface events. Table 14 describes the device interface event query options in the query section. Table 15 describes the fields of the device interface event list.
Figure 13 Device interface event list
Table 14 Interface event query options
Option: Description
Start Time/End Time: Select the time period during which the interface events occurred.
Table 15 Fields of the device interface event list
Field: Description
Time: Time when the event occurred
Device IP: IP address of the device where the event occurred
Interface: Interface where the event occurred
Status: Status of the event

Configuring device interface alarming

This function allows you to specify when and for what events to generate alarms, how to raise alarms, and where to send alarms.
1. From the navigation tree of the system management component, select Device Interface Alarms under Device Management. The device interface alarming configuration page appears, as shown in Figure 14.
2. Select one or more alarm modes.
3. Select one or both event types for which alarms will be generated.
4. Click the alarm time points, or drag the cursor to select time periods. The system will raise alarms by the specified means when the specified types of events occur during the selected time periods.
Figure 14 Configure device interface alarming

Operator management

The operator management module allows you to manage operators and operation logs, and to change operator passwords.

Managing operators

This function allows you to manage the rights of web users. There are three user levels: common operator, system administrator, and super administrator. A higher level operator has all the rights of operators of a lower level.
Table 16 describes the rights of the three user levels.
Table 16 User levels and the rights
User level Rights
Common operator (visitor level):
  Use the Ping tool
  Cannot perform any configuration
System administrator (monitoring level):
  Use the Ping tool
  View configuration information except for user information
  View log information except for operation logs
  Perform configurations except for user configuration, operation logging configuration, software upgrade, and factory defaults restoration
Super administrator (management level):
  View all configurations
  View all logs
  Perform all configurations
Configuration guide
From the navigation tree of the system management component, select Operators under Operator Management. The operator management page appears, as shown in Figure 15. Table 17 describes the operator management functions.
Figure 15 Operator management functions
Table 17 Operator management functions
Function Description
Operator list: Allows you to view details about operators, modify operator information, and delete operators.
Adding an operator: Allows you to add operators.
Operator list
From the navigation tree of the system management component, select Operators under Operator Management. The operator management page appears, as shown in Figure 15.
Table 18 Fields of the operator list
Field Description
Login Name: Name of the operator
Role: Operation level of the operator
Last Login Time: Last time when the operator operated on the web
Managed Device Group: Device groups for which the operator has operation rights
Authentication mode: Authentication mode of the operator
Operation: Click the icon of an operator to modify the operator’s information. Click the icon of an operator to delete the operator.
Return to Operator management functions.
Adding an operator
1. From the navigation tree of the system management component, select Operators under Operator Management to enter the operator management page.
2. Click Add to enter the page for adding an operator, as shown in Figure 16.
3. Configure the settings. Table 19 describes the operator configuration items.
4. Click Apply.
Figure 16 Add an operator
Table 19 Operator configuration items
Item Description
Login Name: Type a name for the operator. The login name can comprise up to 40 characters.
Login Password: Specify a password for the operator to use at login. The password must comprise 6 to 20 alphanumeric characters, and its strength must meet the password strength requirements of the device.
Confirm Password: Type the password again, which must be the same as that for Login Password. If the two are not the same, an error message will appear, telling you that they must be identical.
Role: Select an operation level for the operator.
Manage Device Groups: Specify which device groups the operator can manage.
Authentication Mode: Required. Specify an authentication mode for the operator. Available options include local authentication and LDAP authentication. When you select LDAP authentication, select an LDAP server.
Return to Operator management functions.

Managing operation logs

Operations performed by all operators are recorded in operation logs. The super administrator can view operation logs, query logs by different conditions, and delete logs as needed.
Configuration guide
From the navigation tree of the system management component, select Operation Logs under Operator Management. The operation log management page appears, as shown in Figure 17.
Figure 17 Operation log management page
Table 20 describes the operation log query options. You can use any combination of the options to query for the logs of interest.
Table 21 describes the fields of the operation log list.
Table 20 Operation log query options
Option Description
Operator: Specify the operator whose logs you are interested in.
Gateway IP: Type the IP address of the gateway.
Operation Result: Select the operation result of the operation logs you are interested in. By default, the value of this option is --, which means both the succeeded and failed operations.
Table 21 Fields of the operation log list
Field Description
Operator: Name of the operator
IP Address: IP address of the PC used by the operator to log in
Time: Time when the operation occurred
Operation: What the operator did
Result: Whether the operation succeeded or failed
Details: Operation details

Changing your login password

This function allows you to change your login password.
From the navigation tree of the system management component, select Password under Operator Management to enter the page for changing your login password, as shown in Figure 18. Table 22 describes the configuration items for changing your password.
Figure 18 Change your login password
Table 22 Configuration items for changing your password
Item Description
Old Password: Required. Type the current password. The password must be an alphanumeric string of 6 to 20 characters.
New Password: Required. Type the new password. The password must be an alphanumeric string of 6 to 20 characters.
Confirm Password: Required. Type the new password again. This password must be exactly the same as that for New Password.

System configuration

Configuring service parameters

The service parameters configuration allows you to enable and disable IPS related services, such as automatic policy deployment, automatic synchronization of attack signatures, and automatic synchronization of virus signatures. The selected IPS services will be automatically performed, helping you with IPS management.
Configuration guide
From the navigation tree of the system management component, select Service Parameters under System Config. The service parameter configuration page appears, as shown in Figure 19. Table 23 describes the service parameters configuration items.
Figure 19 Service parameter configuration page
CAUTION:
On the service parameter configuration page, the IPS related configuration items are Enable automatic policy deployment, Enable automatic synchronization of attack signature, and Enable automatic synchronization of virus signature. Other items will not take effect in IPS management.
Table 23 Service parameters configuration items
Item Description
Enable automatic policy deployment: Automatically deploys and synchronizes the increased configuration upon policy changes.
Enable automatic synchronization of attack signature: Automatically synchronizes the IPS attack signatures when connected to the device.
Enable automatic synchronization of virus signature: Automatically synchronizes the IPS virus signatures when connected to the device.

Configuring management ports

This function allows you to specify the SecCenter background ports for receiving various logs from devices.
Configuration guide
1. From the navigation tree of the system management component, select Management Ports under System Config. The management ports configuration page appears, as shown in Figure 20.
2. Configure the settings. Table 24 describes the management port configuration items.
3. Click Apply.
Figure 20 Management port configuration page
Table 24 Management port configuration items
Item Description
Stream Logs Port: Required. Type the port for receiving stream logs. The port number must be in the range from 1 to 65534.
NAT Logs Port: Required. Type the port for receiving NAT logs. The port number must be in the range from 1 to 65534.
Syslog Port: Required. Type the port for receiving syslogs. The port number must be in the range from 1 to 65534.
Sflow Logs Port: Required. Type the port for receiving Sflow logs. The port must be in the range from 1 to 65534.
NetStream V5 Logs Port: Required. Type the port for receiving NetStream V5 logs. The port number must be in the range from 1 to 65534.
NetStream V9 Logs Port: Required. Type the port for receiving NetStream V9 logs. The port number must be in the range from 1 to 65534.
Spam Mail Logs Port: Type the port for receiving spam mail logs. The port number must be in the range from 1 to 65534.

Configuring the mail server

You can specify a mail server to which alarms are to be sent in mails.