01-05-2016 01:05 PM
As I saw in the HP SDN Network Protector info, it would get DNS traffic by using OpenFlow switch. OpenFlow switch like 2920 can send a user entering a web site(DNS info) to Protector and examines it.
If some smart users enter a remote malicious website by using IP address instead, does Network Protector still examine for those users for that site?
Solved! Go to Solution.
01-06-2016 09:56 AM
You are correct that Network Protector cannot automatically filter on every individual IP session and protects using DNS information. Today, we would expect that the Firewall/IPS would catch this malicious behavior you've described. (Manual IP Address filtering can be added using the ACL Manager feature)
Network Protector is designed to augment the Firewall/IPS and provide additional filtering and mitigation at the client access edge of the network. This significantly reduces the amount of malicious traffic that reaches the Firewall/IPS at the Internet edge.
Aruba, a Hewlett Packard Enterprise Company