Using blocking on our IPS Sensor

Unanswered Question
Jul 24th, 2008

I currently have a Cisco IPS 4240 employed inline in my Customers Network. It is inside of the border Router, and in front of the Outside Firewall which protects the DMZ.

the IPS is already configured to block certain types of packets inline. I was reading about blocking and the ability of the IPS Sensor to not only manage other devices (both our border router which is a 3825 and our ASA which is a 5520) are capable of being managed for blocking purposes).

Can someone give me a practical example of why I might want to configure either the border router or the ASA to block for the Sensor?

Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
mhellman Thu, 07/24/2008 - 08:43

I think that capability existed before the inline existed. However, there still may be good reasons to use it. You could deny an attacker at the border [and any other border] and prevent packets from hitting networks and devices that are either before the IPS or not protected by it inline at all.

Kevin Melton Thu, 07/24/2008 - 09:22

That's a good answer. My customer does not have any devices between the border router and the IPS, so perhaps we do not need to use any blocking... what about blocking things coming from inside networks? We have a DMZ that is separated by ASA's on both sides, and both of these are inside of the IPS unit?

Actions

This Discussion