Question & Answer
Question
Is stateful inspection used for NAP rules on QRadar Network Security (XGS) sensors?
Answer
The XGS sensor uses stateful inspection when analyzing traffic.
Example:
Traffic is being sent between Server 1 and Server 2, with the XGS sensor deployed in the network between the two servers like the following:
Server 1 --- XGS --- Server 2
In this environment, a rule is configured on the XGS to block traffic from Server 2 to Server 1.
- Test 1: Ping traffic (ICMP) is sent from Server 1 to Server 2. The echo request reaches Server 2, and the echo reply returns from Server 2 to Server 1 even though the rule blocks that direction, because the sensor recognizes the reply as part of a flow that Server 1 initiated.
- Test 2: Ping traffic (ICMP) is sent from Server 2 to Server 1. No flow from Server 1 exists for this traffic, so the XGS drops the ping before it reaches Server 1.
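The two tests above, modelled as an added example that is not code from the IBM page: a toy stateful filter tracks ICMP echo flows so that a reply to a request Server 1 sent is allowed while a ping originated by Server 2 is dropped, and a stateless evaluation of the same rule is shown for contrast. Addresses and ICMP identifiers are constructed.

```python
from dataclasses import dataclass

SERVER_1 = "10.0.0.1"  # constructed addresses, not from the IBM page
SERVER_2 = "10.0.0.2"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    icmp_type: int  # 8 = echo request, 0 = echo reply
    ident: int      # ICMP echo identifier used to match a reply to its request


# The rule from the Q&A: block traffic from Server 2 to Server 1
BLOCK_RULES = [(SERVER_2, SERVER_1)]


class StatefulFilter:
    """Toy model of stateful inspection: a reply is allowed when it belongs
    to a flow that was initiated in a permitted direction."""

    def __init__(self, block_rules):
        self.block_rules = block_rules
        self.flows = set()  # (initiator, responder, ident) of permitted flows

    def evaluate(self, pkt):
        if pkt.icmp_type == 0 and (pkt.dst, pkt.src, pkt.ident) in self.flows:
            return "allow"  # reply to an established flow
        # No matching state: apply the rule base to the packet as a new flow
        if (pkt.src, pkt.dst) in self.block_rules:
            return "drop"
        if pkt.icmp_type == 8:
            self.flows.add((pkt.src, pkt.dst, pkt.ident))
        return "allow"


def stateless_evaluate(pkt):
    """Same rule base, evaluated per packet with no connection state."""
    return "drop" if (pkt.src, pkt.dst) in BLOCK_RULES else "allow"


def run_tests():
    fw = StatefulFilter(BLOCK_RULES)
    req1 = Packet(SERVER_1, SERVER_2, 8, 0x1234)  # Test 1: Server 1 pings Server 2
    rep1 = Packet(SERVER_2, SERVER_1, 0, 0x1234)  # Test 1: reply from Server 2
    req2 = Packet(SERVER_2, SERVER_1, 8, 0x5678)  # Test 2: Server 2 pings Server 1
    orphan = Packet(SERVER_2, SERVER_1, 0, 0x9999)  # reply with no matching request
    return {
        "test1_request": fw.evaluate(req1),
        "test1_reply": fw.evaluate(rep1),
        "test1_reply_stateless": stateless_evaluate(rep1),
        "test2_request": fw.evaluate(req2),
        "unmatched_reply": fw.evaluate(orphan),
    }
```

The stateless column shows why a plain per-packet rule would break Server 1's ping: only the flow table lets the reply through while still dropping Server 2's own requests and any reply that matches no outstanding request.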
Document Information
Modified date: 23 January 2021
UID: swg22013039