03-02-2008 07:42 PM - edited 03-10-2019 04:01 AM
Hi,
Our supplier has configured IPS on ASA device. With changing to session mode and then making some configuration. But we are unable to test that it has been configured properly or not.
Is there any way to check wheather it has been configured properly ?
Do we need to update the signature very often ?
Any tool available to simulate a situation so that configuration can be tested ?
Link on cisco.com or experience is highly appreciated !
Thanks in advance.
subodh
03-03-2008 10:42 AM
anyway you can post up your config?
here is a link that might be helpful
http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliguide.html
03-04-2008 09:36 AM
If you have remote access to the unit and are comfortable with the CLI, the "show status" family of commands will tell you what is working or not.
show stat analysis-engine
show stat virtual-sensor
show interface (see if you're getting traffic)
To test the sensor, un-retire and enable sig 2004 (echo reply). Run some pings and replies thru the sensor and look for events:
show event alert past 00:10 (shows all of your alerts for the past 10 min)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: