03-24-2009 10:03 PM - edited 03-10-2019 04:34 AM
Hi,
I'm new to IDM.
We have an ASA 5520 with an IPS 10 module.
I wanted to know how the traffic will flow in and out.
My thoughts: from outside, Internet>IPS>FW>LAN
Is it right?
03-30-2009 12:20 PM
The traffic flow will be like this: Internet>FW/ACL>IPS>LAN
03-30-2009 08:59 PM
Is this the recommended design?
If any application-level attack is coming, then it comes inside the FW and is blocked in the IPS. This unnecessarily creates load on the FW, right?
Please correct me if I'm wrong.
03-31-2009 02:45 AM
Hi,
Well, you can configure the IPS module from the ASA CLI only. It depends upon the mode you want: promiscuous or inline.
If you configure in promiscuous mode, a copy of the packet is sent to the AIP-SSM-10 module; in this case it will act as an IDS.
If you configure in inline mode, then the traffic comes to the inside/outside interface of the ASA and then it will be sent to the AIP-SSM-10 module, but don't forget to configure "bypass mode on".
Load will always be there on the firewall because the module is inbuilt and it has to transfer the traffic to the module.
Hope your doubt is cleared.
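The two modes described in the reply above, shown as the ASA-side policy that diverts traffic to the AIP-SSM. This is an added example, not part of the original post; the names IPS_TRAFFIC, IPS_CLASS and IPS_POLICY are constructed, and the interface name "outside" is an assumption.

```text
! Constructed example. IPS_TRAFFIC, IPS_CLASS and IPS_POLICY are hypothetical names.
!
! Step 1: select the traffic the ASA hands to the AIP-SSM (here: all IP traffic).
access-list IPS_TRAFFIC extended permit ip any any
!
class-map IPS_CLASS
 match access-list IPS_TRAFFIC
!
! Step 2: choose the mode and the failure behaviour for that class.
!   ips inline ...      : packets pass through the module, which can drop them (IPS).
!   ips promiscuous ... : the module receives a copy only and cannot drop (IDS).
!   fail-open           : keep forwarding matching traffic if the module is unavailable.
!   fail-close          : drop matching traffic if the module is unavailable.
policy-map IPS_POLICY
 class IPS_CLASS
  ips inline fail-open
!
! Promiscuous alternative for the same class (use instead of the line above):
!   ips promiscuous fail-open
!
! Step 3: apply the policy to the interface facing the Internet (assumed name).
service-policy IPS_POLICY interface outside
```

Only traffic already permitted by the ASA's access rules reaches the module, which matches the Internet>FW/ACL>IPS>LAN order given earlier in the thread.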
03-31-2009 03:13 AM
Thanks,
One more query
Fw logs can be sent to syslog servers.
What about the logs or attacks in IPS?
04-06-2009 10:13 PM
Cisco IPS sensors do not support the syslog protocol. They support SNMP traps and the SDEE protocol.
You will need to use an SDEE (Security Device Event Exchange) client like CS-MARS or IME (Cisco IPS Manager Express, free software from Cisco that can monitor/manage up to 5 sensors) to get event data out of IPS devices.
Syed Iftekhar Ahmed