10-16-2008 09:55 PM - edited 03-10-2019 04:20 AM
Hi,
I am new to IPS. Can anybody tell me what the basic policies that need to be configured on the IPS when deploying it in DMZ.
Thanks in advance.
Best Regards,
Rahim
10-16-2008 10:34 PM
Well..if you are asking what signatures needs to be configured then I would say leave it at default signature configuration and you may tune it after a month once you notice a specific traffic pattern ...
Refer to this
http://www.cisco.com/en/US/docs/security/ips/5.1/configuration/guide/cli/cliguide.html
10-16-2008 10:48 PM
Hi,
Thanks for the help. I am actually more concerned regarding the placement of IPS and in which mode I should configure IPS.
1. Promiscous.
2. Inline.
Best Regards,
Rahim
10-17-2008 10:13 PM
See it depends on requirement...promiscous means in parallel to your network , which means the first packet would always go through the network/IDS and then IDS would start taking actions of consecutive packets..inline is blocking the very first packet..
see of this helps more..
http://www.cisco.com/en/US/docs/security/ips/5.1/configuration/guide/cli/cliInter.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide