We have recently purchased an AIP-SSM-10 module for our ASA5520. I have installed the module run through the initial configuration and updated the software / signatures to the latest version via the ASDM.
I am about to run through the following...Send Network Traffic from the ASA to the AIP SSM...
but would like to know a little more about what will happen once traffic is redirected, my qusetions are as follows...
Does the IPS start blocking traffic by default? or does it just report?
Can we enbale the IPS so that its just reports on what action would have been taken?
Ideally we would like to run traffic through the IPS for a week or so without any blocking, so we can analyze it to reduce false positives.
Is there any documentation expalaining this?
Thanks for all you help