Inspecting traffic one way

Unanswered Question
sadbulali Tue, 12/02/2008 - 09:28

You can configure AIP-SSM to inspect traffic in inline or promiscuous mode and in fail-open or fail-over mode.On the adaptive security appliance, to identify traffic to be diverted to and inspected by AIP-SSM:

1. Create or use an existing ACL.

2. Use the class-map command to define the IPS traffic class.

3. Use the policy-map command to create an IPS policy map by associating the traffic class with one or more actions.

4. Use the service-policy command to create an IPS security policy by associating the policy map with one or more interfaces.The AIP SSM runs advanced IPS software that provides proactive, full-featured intrusion prevention services to stop malicious traffic, including worms and network viruses, before they can affect your network. This section includes the following topics:

rhermes Tue, 12/02/2008 - 12:25

There is a setting for "loose" TCP processing that is supposed to allow the sensor to watch only half of a TCP conversation, but we found it didn'twork very well and CPU unexpectedly increased significantly as a result.


This Discussion