Why my IPS - aip-ssm send requests to port 80

Unanswered Question
May 26th, 2009
User Badges:

I have a web proxy ..tunnel filters...and AIP-SSM....inside of the network...i configure host service, network setting and hhtp-proxy to use my proxy when updating global corelation ...

On proxy I allow hhtps to ---ironport service.

In proxy log I see that https to is allowed and after that ips try to sending http packets to -----I SEE in the RIPE that is AKAMAI technologies IP..address.

What is this?

Why my IPS - aip-ssm send requests to port 80

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Farrukh Haroon Tue, 05/26/2009 - 06:09
User Badges:
  • Red, 2250 points or more

The IPS is not a layer three device, it does not send any packets like you describe, What are you talking about exactly, your post is not clear.

Some exceptions are when it needs to download updates, the new Global IPS feature etc.

AKAMAI is a content delivery network used by many web sites to provide you a 'faster' cached copy of the content (hosted by AKAMAI).



fisko Tue, 05/26/2009 - 23:00
User Badges:

Well ISP is not layer 3 device in manner of routing but it is sending http and https packets for update.

I found that in version 7 of IPS ...IPS send https request to ironport manifest server and than manifest server return the content delivery servers ip. After this IPS contact content dilivery server and get the update over http port.

In Cisco guide there is no any informations about public content delivery network and port 80 for update...

Farrukh Haroon Tue, 05/26/2009 - 23:30
User Badges:
  • Red, 2250 points or more

This is the new 7.x Global Correlation feature, and it is documented here:



AFAIK, you can turn off this feature as per your discretion. Cisco has adapted the Ironport senderbase technology to their IPS as well. Its a pretty interesting feature, I hope it becomes as successful as the one for mail traffic.

Please rate if helpful.




This Discussion