10-21-2008 12:56 AM - edited 03-10-2019 04:20 AM
Dear all,
Please find the attached file.
I have an IPS 4240 and it is working properly.
I tuned some signatures to block the connections for any PC that has abnormal traffic or tries to use a P2P application, but I want to know something in the attached file: what is the difference between
connection block enabled ----> true
connection block enabled ----> false
In other words, what is the meaning of true and false in the attached file?
Waiting for your replies.
Regards
Mohamed
10-21-2008 05:39 AM
Hello Mohammad
There are three types of blocks on the Cisco IPS; "connection block enabled" refers to blocks that match on both source/dest etc. and not just the source. From the user guide:
"There are three types of blocks:
• Host block - Blocks all traffic from a given IP address.
• Connection block - Blocks traffic from a given source IP address to a given destination IP address and destination port.
Multiple connection blocks from the same source IP address to either a different destination IP address or destination port automatically switch the block from a connection block to a host block.
--------------------------------------------------------------------------------
Note: Connection blocks are not supported on firewalls. Firewalls only support host blocks with additional connection information.
--------------------------------------------------------------------------------
• Network block - Blocks all traffic from a given network.
You can initiate host and connection blocks manually or automatically when a signature is triggered. You can only initiate network blocks manually.
--------------------------------------------------------------------------------
Caution: Do not confuse blocking with the sensor's ability to drop packets. The sensor can drop packets when the following actions are configured for a sensor in inline mode: deny packet inline, deny connection inline, and deny attacker inline."
Please rate if helpful.
Regards
Farrukh
10-21-2008 09:31 AM
Dear Farrukh
Thanks for your reply and your support. What I need to know is: what is the meaning of True and False in the Connection Block Enabled column in the attached file?
Regards
Mohamed
10-21-2008 11:34 PM
Dear Mohammad
When that field is set to true, then it means a "Connection block" is being done instead of a "Host block" (based on source IP only). When it is false it implies a "Host Block".
Regards
Farrukh
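
A small model of the block types described in this thread, added here as an illustration; it is not Cisco code and does not come from either poster. The class and function names are hypothetical, the addresses are constructed samples, and treating a repeated identical request as keeping the connection block is an assumption.

```python
from dataclasses import dataclass, field


@dataclass
class BlockTable:
    """Toy model of host vs. connection blocks (hypothetical, not sensor code)."""
    host_blocks: set = field(default_factory=set)    # blocked source IPs
    conn_blocks: dict = field(default_factory=dict)  # src -> (dst, dport)

    def request_block(self, src, dst, dport, connection_block_enabled):
        """Record a block request and return the block type now active for src."""
        if src in self.host_blocks:
            return "host"
        if not connection_block_enabled:
            # "false": host block, keyed on the source IP only.
            self.conn_blocks.pop(src, None)
            self.host_blocks.add(src)
            return "host"
        existing = self.conn_blocks.get(src)
        if existing is None or existing == (dst, dport):
            # Assumption: the same tuple requested again stays a connection block.
            self.conn_blocks[src] = (dst, dport)
            return "connection"
        # Same source, different destination IP or port: the connection
        # block is switched to a host block, as the quoted guide states.
        del self.conn_blocks[src]
        self.host_blocks.add(src)
        return "host"

    def is_blocked(self, src, dst, dport):
        """True if traffic src -> dst:dport falls under an active block."""
        if src in self.host_blocks:
            return True
        return self.conn_blocks.get(src) == (dst, dport)


def demo():
    """Run constructed requests (RFC 5737 documentation addresses)."""
    t = BlockTable()
    return [
        t.request_block("192.0.2.10", "198.51.100.5", 6881, True),
        t.is_blocked("192.0.2.10", "198.51.100.5", 80),   # other port still passes
        t.request_block("192.0.2.10", "198.51.100.9", 6881, True),
        t.is_blocked("192.0.2.10", "198.51.100.5", 80),   # now a host block
        t.request_block("192.0.2.20", "198.51.100.5", 6881, False),
    ]


if __name__ == "__main__":
    print(demo())
```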