Software Defined Networking (SDN)

Chief Airhead
Posts: 1,077
Registered: ‎07-13-2010

SDN Network Protector; user points to remote IP host instead

Post from: http://community.hpe.com/t5/SDN-Discussions/SDN-Network-Protector-user-points-to-remote-IP-host-instead/td-p/6805557

 

Hi,

As I saw in the HP SDN Network Protector info, it would get DNS traffic by using an OpenFlow switch. An OpenFlow switch like the 2920 can send a user entering a web site (DNS info) to Protector and examines it.

If some smart users enter a remote malicious website by using an IP address instead, does Network Protector still examine that site for those users?

Sean Rynearson | Chief Airhead
Aruba, a Hewlett Packard Enterprise Company
Aruba Employee
Posts: 8
Registered: ‎11-18-2015

Re: SDN Network Protector; user points to remote IP host instead

You are correct that Network Protector cannot automatically filter on every individual IP session and protects using DNS information. Today, we would expect that the Firewall/IPS would catch this malicious behavior you've described. (Manual IP Address filtering can be added using the ACL Manager feature.)

Network Protector is designed to augment the Firewall/IPS and provide additional filtering and mitigation at the client access edge of the network. This significantly reduces the amount of malicious traffic that reaches the Firewall/IPS at the Internet edge.

Scott Koster | Technical Marketing Engineer, SDN & Solutions
Aruba, a Hewlett Packard Enterprise Company
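
The gap discussed in this thread, DNS-based filtering not seeing connections made straight to an IP address, can be monitored by comparing flow records against the DNS answers each client actually received. The Python below is an added example, not part of the original posts and not HPE or Aruba code; the record layouts, the 300-second grace period, the internal ranges and the sample data are assumptions constructed for illustration.

```python
import ipaddress

# Assumed record shapes (constructed for this example, not a product log format):
#   DNS answer: (epoch_seconds, client_ip, queried_name, answer_ip, ttl_seconds)
#   Flow start: (epoch_seconds, client_ip, destination_ip)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
GRACE_SECONDS = 300  # assumption: clients and browsers often cache answers beyond the TTL


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_direct_ip_flows(dns_answers, flows, grace=GRACE_SECONDS):
    """Return flows to external IPs that the same client did not resolve via DNS beforehand."""
    # (client, answer_ip) -> list of (valid_from, valid_until) windows
    windows = {}
    for ts, client, _name, answer_ip, ttl in dns_answers:
        windows.setdefault((client, answer_ip), []).append((ts, ts + ttl + grace))

    flagged = []
    for ts, client, dst in sorted(flows):
        if is_internal(dst):
            continue  # east-west traffic is out of scope for this check
        covered = any(start <= ts <= end for start, end in windows.get((client, dst), []))
        if not covered:
            flagged.append((ts, client, dst))
    return flagged


# Constructed sample data (documentation address ranges from RFC 5737).
SAMPLE_DNS = [
    (1000, "10.1.1.20", "example.com", "192.0.2.10", 60),
    (1005, "10.1.1.21", "example.org", "198.51.100.7", 30),
]
SAMPLE_FLOWS = [
    (1002, "10.1.1.20", "192.0.2.10"),    # resolved first: not flagged
    (1010, "10.1.1.20", "203.0.113.50"),  # no DNS lookup at all: flagged
    (1003, "10.1.1.21", "198.51.100.7"),  # flow precedes the DNS answer: flagged
    (2000, "10.1.1.21", "198.51.100.7"),  # answer expired (1005+30+300=1335): flagged
    (1020, "10.1.1.20", "10.1.1.5"),      # internal destination: ignored
    (1012, "10.1.1.21", "192.0.2.10"),    # resolved by a different client: flagged
]

if __name__ == "__main__":
    for ts, client, dst in find_direct_ip_flows(SAMPLE_DNS, SAMPLE_FLOWS):
        print(f"{ts} {client} -> {dst}: no matching DNS resolution")
```

Flagged destinations are candidates for review and, where confirmed malicious, for the manual IP address filtering mentioned in the reply above.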