IPS Configuration with inside 3 networks

Feb 21st, 2007

Edward,

Thanks for your info. I will contact the customer and discuss those things.

Also, I want to know the following about the IPS in-line setup.

1. The IPS is connected behind the PIX 525 firewall in in-line mode. An interface pair was created and 2 interfaces are made members of the pair. I assigned the pair to the engine. Here I did not do any tuning of the signature configuration. All the sigs are enabled as default. As soon as the IPS is placed in the network in in-line mode, it stops the network traffic from going out; when I put it in bypass mode, it works. Please could you give the basic config to make the IPS work in in-line mode. Inside the network is the one with 3 networks (192.168.100.0, 101.0, 102.0).

The IPS inside interface sits in the 192.168.100.0 network; the other 2 networks are in 2 VLANs of the core switch 4507R. The IPS outside interface is in line with the PIX firewall failover pair. The firewall pair outside connects to the internet router 3825, which reaches the internet using ADSL.

I also want to know how to choose only the sigs that are required for the internal networks.

Waiting for your reply

Thanks in advance

swamy


How are you reviewing the alerts that are generated from the IPS?

We use Security Monitor to view these events. I would suggest that you go ahead and put it inline - do an action-override 0-100 - then see what is coming up as "true" for denying. You can start to weed out possible causes that way. I'm sure there are more effective measures, but this one seems to have worked for me.

This is really off the top, as I will think a little more in depth on the issue. You know the pairs are set up correctly for the most part. Looks like the problematic finger points at either the engine or signatures.

Hope this helps as a start.

Regards,

Christopher

arumugasamy Wed, 02/28/2007 - 07:32

Chickman,

When I connect the IPS inline, it stops the network. There is no traffic moving between the IPS.

I really need to know which signature settings to set up.

I did not do much in the IPS. I only configured the interface pair, then attached it to the analysis engine. Could you give me the extra config to pass the traffic and do the logging?

swamy
