Rulesets and Policies

What are the different types of security policies?

There are three different types of security policies for IDS (Intrusion Detection System) and IPS (Intrusion Prevention System), namely lenient, moderate, and strict. An IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. An IPS monitors a network for malicious activities such as security threats or policy violations. The main function of an IPS is to identify suspicious activity, log the information, attempt to block the activity, and report it.

How does enabling IDPS impact operation of the gateway?

For both new and existing customers, enabling IDPS enhances the gateway operation with the added IDPS security features. The Intrusion Detection and Prevention System (IDPS) monitors, detects, and prevents threats in the inbound and outbound traffic. Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on the defined rules. It inspects data packets and, if any threat is identified, acts in real time to prevent it. However, for existing customers with IDPS supported gateways, the gateways reboot as the traffic inspection engine is activated for the first time. It is recommended that you apply the security license after business hours, as this might result in a downtime in the network.

Which is the default inspection mode in Gateway IDS/IPS?

In Gateway IDS/IPS, the default inspection mode is IDS.

What is the default security policy in IPS and IDS?

The default security policy for IPS is IPS Strict, and for IDS is IDS Strict.

How do I stop traffic inspection for certain IDS or IPS rules?

To stop traffic inspection for certain IDS or IPS rules, select the rules in the Rules table and click the Move to Allow List icon. For more information, see Manage Rules in IDPS Policies.

How do I update the ruleset version at regular intervals?

Select the Automatically update the ruleset check box in the Gateway IDS/IPS configuration page and set the day and time to update the ruleset version. For more information, see Updating Ruleset for IDPS.

What does the alert icon in the Ruleset version signify?

The alert icon appears when the ruleset version is not up to date and when the ruleset version of the device is older than the ruleset version of the group that it belongs to. To update the ruleset version, hover over the icon to see the latest version available, select the version from the Update To drop-down list, and click Update in the confirmation window.

When do IDPS Supported gateways check for an updated ruleset?

The IDPS Supported gateways check for an updated ruleset in the following scenarios:

  • When you onboard IDPS Supported gateways to HPE Aruba Networking Central and enable Gateway IDS/IPS, the IDPS Supported gateways check for updated ruleset version.
  • The IDPS Supported gateways check for updated ruleset when the configured ruleset version does not match with the device ruleset version.
  • When you configure the IDPS Supported gateways for automatic update of the ruleset version, the IDPS Supported gateways check for updated ruleset version at the scheduled time.
  • When IDPS Supported gateways reconnect to HPE Aruba Networking Central, the IDPS Supported gateways check for updated ruleset version.
  • When IDPS Supported gateways fail to update due to network issues, the IDPS Supported gateways check for updated ruleset version every three minutes until the update is successful.

Can I view the list of gateways running 4.x and 5.x rulesets?

Yes, you can view the version number in the Ruleset Type column under Manage > Devices > Gateways.

Can both 4.x and 6.x gateway engine versions co-exist in a single group?

Yes, it is possible. For example, a group can have heterogeneous images with a gateway running HPE Aruba Networking Wireless Operating System 10.4 or lesser version supporting 4.x engine and gateways running AOS-10.4 or higher version supporting the 6.x engine.

Can I view the latest ruleset available timestamp information?

Yes, you can view the timestamp on the Config > General tab. For more information, see Updating Ruleset for IDPS.

Can I perform signature allow listing separately for 4.x and 5.x gateways when they are in the same group?

Yes, you can allow list the signature belonging to a particular ruleset version. For more information, see Enforcing Allow List for a Policy.