IPS 4240 in test mode?

Is there a way to configure the IPS 4240 to monitor traffic but not to block connections? We are currently evaluating the device but would prefer it to monitor rather than block any live traffic at this stage. We have configured an event action filter for all sigs and all source/destination IPs to remove all the deny functions but does anyone have a different way of doing this?

rhermes Tue, 04/15/2008 - 07:50
Simon -


You should set up your 4240 in promiscuous mode (as opposed to in-line). Take a switch that is passing all the traffic you'd like to inspect and turn on port spanning with the monitor session commands:

http://www.cisco.com/en/US/docs/ios/12_3t/lanswitch/command/reference/lan_m1gt.html#wp1021715

Then feed the stream into your sensor as an input only.


