40 Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
Remote segment Network IPS
With the GX4004C-200, IBM can serve the low-end IPS market at a competitive
price. The GX4004C-200 is a 4-port appliance that can protect two network
segments. It is licensed for up to 200 Mbps.
The GX4004C-200 uses the same hardware as the GX4004C. However, the
client is limited by the license agreement to deploy this product only on networks
with a maximum of 200 Mbps of traffic.
2.2.1 Version 4.x generation firmware
The Version 4.x firmware releases provide the following functions and benefits
among others:
򐂰 Improved, faster, and easier to use navigation in the dashboard (see 2.2.2,
“Local management interface” on page 40)
򐂰 IPv6 support
򐂰 Simple Network Management Protocol (SNMP) version 3 support
򐂰 Support for a Radius authentication server
򐂰 Support for geographic high availability (HA; see 3.4, “High availability” on
page 97)
򐂰 Simplified and more intuitive editors for Data Loss Prevention and Web
Application Protection policies
2.2.2 Local management interface
In firmware release 4.1, a major redesign of the local management interface
(LMI) was made. This new release provides an improved user experience when
managing individual IBM Security Network IPS appliances from a secure web
browser session. The interface is organized in two main sections:
򐂰 Drop-down menus for navigation at the top of the page
򐂰 The page itself, where the content of menu selections is shown
Chapter 2. Introducing the IBM Security Network IPS solution 41
The menu items shown in Figure 2-3 divide the appliance management into five
areas with corresponding subtasks:
򐂰 Home: Appliance Dashboard
򐂰 Monitor: Health and Statistics
򐂰 Secure: Protection Settings
򐂰 Manage: System Settings
򐂰 Review: Analysis and Diagnostics
Figure 2-3 Menu options on the LMI
Home (first menu option)
The Home page is the first menu option on the left in the dashboard. It provides a
single action selection called the
Appliance Dashboard (Figure 2-4).
Figure 2-4 Home page (Appliance Dashboard) of the LMI
42 Network Intrusion Prevention Design Guide: Using IBM Security Network IPS
The dashboard provides an at-a-glance view of the health status of the key
components of the solution:
򐂰 The upper left section provides an overall picture of the current posture of the
system.
򐂰 The Network section shows the network health status for each segment and
throughput charts.
򐂰 The Security section shows health notifications and graphs of the last 10 IPS
events, top 10 intruders, top 10 victims, blocked attacks, and blocked packets.
򐂰 The System summary section provides an overview of memory and hard disk
storage utilization graphs and a table of significant events.
Users can navigate to explore more detailed data by clicking through the
dashboard summary information.
Monitor (second menu option)
The Monitor page (Figure 2-5) is the second menu option from the left in the
dashboard. It contains a convenient set of tools for viewing the health, status,
and performance of your appliance in one place. You use this page to analyze
trends in your security network or to navigate to specific pages to troubleshoot
and research security events. You can also use this page to view general
information, such as the model, firmware version, available memory, uptime, or
the current backup version.
Figure 2-5 Monitor page (Health and Statistics) of the LMI
The Monitor page provides multiple actions that are divided in three major areas:
򐂰 Network
򐂰 Security
򐂰 System

Get Network Intrusion Prevention Design Guide: Using IBM Security Network IPS now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.