Troubleshooting

You can enable the IDPS Intrusion Detection and Prevention System (IDPS) monitors, detects, and prevents threats in the inbound and outbound traffic. Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on the defined rules. It inspects data packets, and if any threat is identified, acts real-time to prevent it. engine to capture malicious data packets to analyze the root cause and troubleshoot.

Before You Begin

Prerequisite:

  • You must have an active gateway subscription with Security license.
  • You must have successfully on-boarded and connected the Branch Gateways to HPE Aruba Networking Central.

To troubleshoot Gateway IDS/IPS, complete the following steps:

  1. In the WebUI, complete one of the following steps:
    • To select a gateway group:

      1. In the HPE Aruba Networking Central app, set the filter to a group that contains at least one Branch Gateway.

        The dashboard context for a group is displayed.

      2. Under Manage, click Devices > Gateways.

        A list of gateways is displayed in the List view.

      3. Click Config.

        The configuration page is displayed for the selected group.

    • To select a gateway:

      1. In the HPE Aruba Networking Central app, set the filter to Global or a group that contains at least one Branch Gateway.

      2. Under Manage, click Devices > Gateways.

        A list of gateways is displayed in the List view.

      3. Click a gateway under Device Name.

        The dashboard context for the gateway is displayed.

      4. Under Manage, click Device.

        The gateway device configuration page is displayed.

    The HPE Aruba Networking gateway (independent or part of a group) that you want to configure must support Gateway IDS/IPS.

  2. Under Manage, click Security > Gateway IDS/IPS.
  3. Click the Config icon to open the Gateway IDS Intrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network./IPS Intrusion Prevention System. The IPS monitors a network for malicious activities such as security threats or policy violations. The main function of an IPS is to identify suspicious activity, log the information, attempt to block the activity, and report it. configuration page.
  4. In the General tab, select the Enable traffic inspection check box.
  5. Click Save.

After enabling traffic inspection:

  • A Refresh extended packet capture dialog pops up. The refresh button allows you to extend large packet capture for another 10 minutes. By default, the traffic inspection configuration is disabled after being active for 10 minutes. If you wish to extend the configuration, click the Refresh extended packet capture refresh button.
  • The HPE Aruba Networking 9004 Branch Gateway starts sending threat data to HPE Aruba Networking Central. By default, only 256 bytes of data are sent to HPE Aruba Networking Central. However, if you enable traffic inspection, up to 4096 bytes of data in the packet are sent to HPE Aruba Networking Central.