No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU

How to Configure IPS in the USG for UTM Demo.

Publication Date:  2012-07-21 Views:  953 Downloads:  0
Issue Description
1,How to do a UTM demo for customer
2,How to configure the IPS in USG
3,How to test the IPS demo result.
Alarm Information
None.
Handling Process
Configure the USG2200 as follows:
Step 1Set the IP addresses of the interfaces, define routing polices, and add routes to the routing table.
interface GigabitEthernet0/0/0
ip address 192.168.0.1 255.255.255.0
interface GigabitEthernet0/0/1
ip address 10.1.1.1 255.255.255.0
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
firewall zone untrust
set priority 5
add interface GigabitEthernet0/0/2 
firewall policy interzone trust untrust outbound
policy 1
policy source 10.1.1.0 mask 24
action permit
Step 2 Configure a IPS policy.
Step 1
Build a policy name “ipstest” for IPS

Step 2
Enable IPS function and apply it

Step 3
Enable IPS function in public policy and apply it

     
Step 1     TestStep 1
Open the http Server and upload IPS file

Step 2
Use HTTP client to download AV file from HTTP server
 
Step 1Demo effect

Root Cause
Networking in lab environment:
As shown in the following figure, USG firewall have separated two networks.One is 10.1.1.0/24,another is 192.168.0.0/24.The demo is HTTP Client get IPS file from the HTTP server,the file include IPS character.If enabling IPS in USG,and it can detect and block it.The customer can find the warning form USG.

Suggestions
None.

END

Contribute Articles
Feedback
Huawei Enterprise APP

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.