I am a beginner in the ASA IPS concept and my company owns a 5520 ASA.
Currently the ASA is connected to the ISP-connected router and is serving as a firewall to control internet traffic, which is integrated with Websense for URL filtering.
Can you please let me know what we should expect to configure in the IPS in this scenario and what the function of the IPS is?
What is the main function of an IPS?
Grateful for your posts.
The main function of the AIP-SSM in your ASA-5520 is to perform packet inspection and signature matching to detect potential exploit traffic within your network. If such traffic is detected, the AIP-SSM can deny that traffic from traversing your ASA. Here is a link to a brief overview of the product:
First, you need to configure the ASA to divert traffic to the AIP-SSM for inspection; this is outlined here:
You will then want to ensure the backplane interface (GigabitEthernet0/1) is added to a virtual-sensor on the AIP-SSM to allow inspection to occur.
You will want to ensure the signature definitions on the AIP-SSM are up-to-date. This ensures the most accurate protection from the AIP-SSM perspective. This will require an active license be installed on the AIP-SSM.
Next, you will most likely want to monitor the events generated by the AIP-SSM. For that, Cisco offers a free, entry-level solution called IPS Manager Express (IME). You can find out more, and download IME here:
You will want to monitor IME to learn of potential security risks within the network traffic traversing your infrastructure. When you encounter signature events for which you wish to gain more insight, you can visit Cisco's IntelliShield site for further investigation:
The details found here can also be expanded within the IME event display.
Use of an IPS will be a continual monitor and learn phase to ensure you are aware of expected traffic and unexpected traffic, and that appropriate response can be applied. This is something that is different in each and every environment, so there is not a simple white paper on how to perform these actions.