HP Firewall Series Manuel d'utilisateur Page 1

HP A-IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW101-20110805

6 Return to Device management functions. 3. Adding a device From the navigation tree of the system management component, select Device List under De

96 SSL VPN log auditing The SSL VPN log auditing function allows you to audit user access records, operation logs, resource accesses, and authenticat

97 Figure 103 Operation log auditing Resource access auditing The resource access auditing allows you to audit operations of SSL VPN users based on

98 Figure 105 Authentication failure auditing

99 Configuration example 1 Network requirements The HP A-IMC Firewall Manager works with HP firewall devices. The Firewall Manager collects attack ev

100 2. Select the Firewall Management component, and then select Device Management under Device Management from the navigation tree to enter the dev

101 Configuration example 2 Network requirements The FW device connects the internal network 4.1.1.0/24 through GigabitEthernet 0/4 and connects the

102 Select Firewall > ACL, configure rules for ACL 3000 to permit packets sourced from 4.1.1.0/24. Figure 111 Configure ACL 3000 3. Configure a

103 Figure 113 Add the FW device to the Firewall Manager A-F1000-E192.168.250.214 Configuring intrusion detection in firewall and sending logs to Fi

104 Figure 114 Configure a log host The port number should be in accordance with the management port number set in Firewall Manager, which can be s

105 Figure 116 Userlog NOTE: At present, flow logs refer to session logs only. To generate flow logs, you need to configure session logging accor

7 If you select Specify access parameters, specify the access parameters, including Web Username, Web Password, Web Port, Telnet Username, Telnet Pas

106 • Scanning detection • Blacklist • URPF check

107 NOTE: After configuring all the policies, please remember to click Apply to make them take effect. Verification Firewall logs and Firewall M

108 • Intrusion Policy Log • User log Displaying firewall management statistics on Firewall Manager As we have configured the firewall to sen

109 • Recent list • Inter-zone access logs

110 • Blacklist logs • Operation Logs

111 Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.com/support Befo

112 Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text

113 Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as

114 Index A B C D E F I M N O R S T U V W A Abnormal traffic log auditing,52 Adding devices to the firewall manager,99 Authentication failure auditi

115 User access records auditing,96 V Viewing device statistics,85 W Websites,111

8 Password Required when you select the authentication protocol HMAC-MD5 or SMAC-SHA. Specify the authentication password to be used for communicatio

9 Device software management Device software refers to the software that a firewall device runs to provide services. It can be regarded as the operat

10 multiple devices at a time. You can specify deployment parameters, such as the deployment sequence, policy, time, and error handling mode. A succe

11 (Parallel) or one by one (Serial). When the deployment sequence is serial, the icons are configurable for adjusting the sequence. Error Handling

12 Table 8 Fields of the software backup result list Field Description Device Label Device name and IP address Software Name Name of the software ba

13 a device to another version. Synchronizing configurations Allows you to deploy new configuration settings to devices to make them take effect. Re

14 3. Restoring a configuration file From the navigation tree of the system management component, select Device List under Device Management. The de

15 Table 11 Tabs on the device configuration information management page and functions provided Tab Description Label A label represents a configura

Legal and notice information © Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitt

16 Figure 13 Compare two configuration files CAUTION: The label Currently indicates the configuration file is currently used by the device and the

17 Table 13 Fields of the running configuration list Field Description Version Uniquely identifies the running configuration file. The version number

18 Description Remarks on the draft. Creation Time Time when the draft is created. Last Modify Time Last time when the draft is modified. Compare

19 Table 15 Device group management functions Function Description Device group list Allows you to view details about device groups and modify and de

20 Description Optional Type a description for the device group. The description can comprise up to 40 characters. Return to Device group management

21 Table 20 describes the fields of the device event list. You can select the check boxes before events and then click Delete to delete the events. T

22 Managing device access templates The device access template management function allows you to configure information such as the device login passw

23 Adding a template From the navigation tree of the system management component, select Access Template List under Device Management to enter the ac

24 The strength of the password must meet the password strength requirements of the device. SNMP Version Required Select an SNMP version, which can b

25 Figure 23 Device software database page Table 26 Device software database functions Function Description Importing device software Allows you t

i Contents Overview ··································································································································

26 Figure 24 Device software import page Managing deployment tasks This function allows you to view all deployment task information. Configuration

27 Creation Time Time when the deployment task is created Creator Creator of the deployment task Start Time Time when the deployment task starts E

28 Table 32 Operator management functions Function Description Operator list Allows you to view details about operators, modify operator information

29 Table 34 Operator configuration items Item Description Login Name Type a name for the operator, a string of up to 40 characters. Login Password S

30 Table 36 Fields of the operation log list Field Description Operator Name of the operator IP Address IP address of the PC used by the operator t

31 System configuration Configuring system parameter Configure the system parameter to allow non-SNMP devices in the system. Configuration guide From

32 Type the port for receiving NAT logs. The port number must be in the range from 1 to 65534. Syslog Port Required Type the port for receiving syslo

33 Type the username for identity authentication on the mail server. The password can comprise up to 80 characters. Password Optional Type the passwo

34 Field Description Operation Click the icon of a filter to modify the settings of the filter. Return to Filter management functions. Adding a f

35 Specify the source ports that you want the system to collect statistics on. Destination Port Optional Specify the destination ports that you want

ii Security zones·····································································································································

36 Table 44 Fields of the LDAP server list Field Description Server Name Name of the LDAP server Server IP Address IP address of the LDAP server Se

37 Admin Password Required Type the administrator password for the LDAP server. Username Attribute Required Type a username attribute for the LDAP se

38 Figure 38 Disk space alarm configuration page Table 46 Alarm configuration items of the disk space for logs Item Description Warning Disk Space

39 Figure 39 Free disk space monitoring page Managing subsystems The subsystem management allows you to manage and monitor multiple Firewall Manage

40 Figure 40 Subsystem information Table 47 Fields of the subsystem list Field Description Server IP IP address of the server for the subsystem. P

41 User Name Required Type the username for logging in to the subsystem. The username can comprise up to 40 characters. Password Required Specify the

42 Firewall management The Firewall Manager enables centralized management of firewall devices in the network, centralized event collection and analy

43 Figure 42 Snapshot of events Table 49 Event snapshot query options Option Description Device Select a device, a device group, or All devices fro

44 • In the Detail column of a TopN list, you can click the icon of an attack event to enter the attack event details page. For more information,

45 Device monitoring In addition to the attack event information of the entire network, the firewall management component also allows you to view the

1 Overview Introduction to HP A-IMC Firewall Manager HP A-IMC Firewall Manager is a powerful system for comprehensive analysis and centralized manage

46 Figure 45 Attack event overview Table 53 Query options on the attack event overview page Option Description Device Select a device, a device gro

47 Figure 46 Top 10 attack events contrast graph You can click the link to export all the analysis reports that the event overview function provi

48 Figure 47 Attack event details Table 54 Event details query options Option Description Device Select a device, a device group, or All devices fr

49 Table 55 Fields of the attack event details list Field Description Time Time when the attack event occurred Src IP Attack source IP address Dest

50 Table 57 Fields of the report export task list Field Description Report Task Name of the report export task Creation Time Time when the task was

51 Return to Report export task management functions. Adding a report export task From the navigation tree of the firewall management component, sele

52 The event auditing function does not support cross-day query. If the query period spans a day or the query start time is later than the end time,

53 Figure 52 Abnormal traffic log auditing Blacklist log auditing Configuration guide From the navigation tree of the firewall management component

54 Figure 54 Operation log auditing Other log auditing Configuration guide From the navigation tree of the firewall management component, select Ot

55 NAT log auditing Configuration guide From the navigation tree of the firewall management component, select NAT Logs under Event Auditing to enter

2 Installation and uninstallation Installing the firewall manager The software and hardware requirements of the Firewall Manager are as follows: • H

56 Figure 57 MPLS log auditing NOTE: If the IP address/port number is null in the database, NA will be displayed in the IP address or port field.

57 Adding a security zone Allows you to add a security zone. Importing security zones from a device Allows you to import security zones from a devic

58 Table 63 Security zone configuration item Item Description Security Zone Type a name for the security zone. A security zone name cannot contain an

59 Deleting a time range Allows you to click the icon of a time range to delete the time range. Time range list The time range list is on the time

60 and then select the days of the week during which the time period applies. By default, the periodic time period is from 0:0 to 24:0 every day. •

61 Protocol Protocol used by the service Protocol Parameters Parameters configured for the protocol Return to Service management functions. User-d

62 Figure 65 Add a user-defined service Table 70 User-defined service configuration items Item Description Name Required Type a name for the user-d

63 To delete user-defined services, select them and click Delete on the user-defined service management page. Return to Service management functions.

64 Figure 67 Add a service group Table 72 Service group configuration items Item Description Name Required Type a name for the service group. Valid

65 IP addresses Configuration guide From the navigation tree of the firewall management component, select IP Addresses under Security Policy Manageme

3 Figure 2 Register your license After seeing the acknowledgement page, you can use the Firewall Manager to configure devices and perform other ope

66 Figure 69 Add a host address Table 75 Host address configuration items Item Description Name Required Type a name for the host address. Valid ch

67 Address ranges From the navigation tree of the firewall management component, select IP Addresses under Security Policy Management. Click the Addr

68 Table 77 Address range configuration items Item Description Name Required Type a name for the address range. Valid characters for the name: letter

69 Subnet Subnet address and mask Excluded Addresses Addresses excluded from the subnet Description Descriptive information about the subnet addre

70 Specify a subnet address. The IP address must be in dotted decimal notation. Wildcard Required Select a wildcard mask for the subnet address. Excl

71 Figure 75 Add an IP address group Table 81 IP address group configuration items Item Description Name Required Type a name for the IP address gr

72 Interzone rules Configuration guide From the navigation tree of the firewall management component, select Interzone Rules under Security Policy Ma

73 Dest IP Query interzone rules by destination IP. Time Range Query interzone rules by time range. Policy Query interzone rules by policy. Status

74 Figure 77 Add an interzone rule Table 85 Interzone rule configuration items Item Description Src Zone Required Select a source zone for the inte

75 Src IP Required Add source IP addresses for the interzone rule. • Available IP addresses are listed in the left box. The right box lists the sour

4 System management The system management component is mainly used to configure the firewall devices to be managed by the Firewall Manager. To access

76 Enable this rule Optional Select this option to enable the interzone rule. By default, this option is not selected. Continue to add another rule O

77 Table 87 Fields of the interzone policy list Filed Description Policy Name Name of the interzone policy Description Descriptive information abou

78 Figure 80 Rule management page Table 89 Fields of the policy’s rule list Filed Description ID ID of the interzone rule When you create an interz

79 Figure 81 Add interzone rules to the policy Return to Interzone policy management functions. Sorting interzone rules On an interzone policy’s ru

80 Interzone policy applications Configuration guide From the navigation tree of the firewall management component, select Apply Interzone Policy und

81 Application Result Application result of the interzone policy Remarks Displays the security zones that are covered by some of the policy’s rules

82 Figure 86 List of rules applied to a device Table 93 Applied rule list query options Option Description Src Zone Query interzone rules by sourc

83 Policy Policies that the interzone rule is in. You can click a policy name to enter the page for managing the policy's rules. See “Rule manag

84 Firewall device list From the navigation tree of the firewall management component, select Device Management under Device Management. The firewall

85 Return to Firewall management functions. Viewing device statistics The device statistics function can collect statistics on devices by day, week,

5 Figure 3 Device management page Table 1 Device management functions Function Description Device list Allows you to view details about devices, e

86 Figure 90 Device configuration segment management page Table 99 Configuration segment management functions Function Description Configuration se

87 Description Detailed description of the configuration segment Operation • Click the icon of a configuration segment to rename the configuratio

88 Table 101 Configuration segment configuration items Item Description File Type Required Select the configuration segment type, cfg or xml. Filenam

89 Deploying a configuration segment On the configuration segments list, click the icon of a configuration segment to configure a deployment task f

90 Figure 95 Configure deployment task attributes 4. Confirm your configuration. You can click the icon in the device list to view the configur

91 Managing deployment tasks Configuration guide From the navigation tree of the firewall management component, select Deployment Tasks under Policy

92 Table 103 Fields of the deployment task list Field Description Execution Status Execution status of the task Task Name Name of the task Task Typ

93 SSL VPN auditing As Virtual Private Network (VPN) is much cheaper and more flexible to use than leased lines, more and more companies are establis

94 Online users trends The online user trend graph displays the number of online SSL VPN users during a day, week, month, or a customized period of t

95 Figure 100 Daily user statistics NOTE: The User Count field shows the count of login times on that day. Device monitoring In addition to the