01-01-2008 06:03 AM - edited 03-12-2019 05:55 PM
Are there any Basic IPS Features (functionality) included in ASA without AIP-SSM?
01-01-2008 09:46 AM
Hello,
Yes!
First, the IP audit feature. This one contains approximately 50 basic signatures on IP, ICMP, TCP flags, DNS, UNIX RPCs and fragmentation.
These sigs are classified into 2 families: Informational and Attacks.
You can define a policy on Informational sigs and another policy on Attacks sigs for each interface (policy-to-interface mappings).
The policy configuration considers 2 things:
- Should an alarm be generated?
- Whether the triggered packets will be dropped, reset or passed
Second, ASA now has a feature called "Threat Detection".
This feature detects DoS and scanning (nmap scans, for example) attacks and gives you statistics about threats.
Scanning source IPs can be shunned.
Hope it will help you!
Francois
01-10-2008 09:01 AM
I can't get the policy-to-interface mappings to take. The pull-down box always says none. Any ideas? Also, where is the "Threat Detection" configured?
ASA 7.21
01-12-2008 04:19 AM
The Threat Detection feature comes with version 8.x. You can find it in ASDM under "Configuration" -> "Firewall" -> "Threat Detection"
or on the CLI (example):
threat-detection basic-threat
threat-detection scanning-threat shun except object-group admin
threat-detection statistics
To configure ip-audit, you must first configure new IP-Audit policies.
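The order described in the reply above (define the IP audit policies first, then map them to an interface), shown as an added CLI example that is not part of the original thread. The policy names AUDIT_INFO and AUDIT_ATTACK, the interface name outside, and the chosen actions are assumptions.

```cisco
! Added example; policy names, interface name and actions are assumptions.
!
! 1. Define one named policy per signature family.
!    Informational signatures: raise an alarm only.
ip audit name AUDIT_INFO info action alarm
!    Attack signatures: raise an alarm and drop the triggering packet.
ip audit name AUDIT_ATTACK attack action alarm drop
!
! 2. Map the policies to an interface. The names must match the
!    policies defined in step 1.
ip audit interface outside AUDIT_INFO
ip audit interface outside AUDIT_ATTACK
!
! 3. Confirm that both the policies and the mappings are in the
!    running configuration.
show running-config ip audit name
show running-config ip audit interface
```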