How to unblock a web site

Unanswered Question
Aug 24th, 2010
User Badges:


I dont have any experience with the Cisco IPS product.

I can not open a web site because of the IPS. When I shut down the IPS module the web site can be accessed.

Can you guys tell me how to allow access to  a particular web site?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
terrygwazdosky Tue, 08/24/2010 - 09:25
User Badges:

You can edit or disable individual signatures, as well as create filters, but unless you know for sure that it is a false positive you could be opening a security hole.

praprama Tue, 08/24/2010 - 09:43
User Badges:
  • Cisco Employee,


With the IPS active, try accessing the particular website and then view the events on the IPS using IDM. You will see some signature firing that is blocking access to that website.

You can then try disabling that particular signature or tune it to allow access to this website.

Let me know if this helps.



Smailmilak83_2 Thu, 08/26/2010 - 00:14
User Badges:

I checked the events and I can not find anything.

I see only this: CMP Network Sweep w/Echo  id=2100. I can not find my IP address in this log.

The site is It probably has a bad reputation.

Is there a way to access this site with IPS?

praprama Fri, 08/27/2010 - 05:19
User Badges:
  • Cisco Employee,


If the IPS is dropping the connections, you should see events corresponding to it. Let's try the following. Create an access-list of the following format assuming the IP of "" is (found out using "nslookup").

access-list ips permit ip any host

class-map IPS

  match access-list ips

policy-map global_policy

   class IPS

      ips inline fail-open

service-policy global_policy global

By doing the above, we are just passing traffic destined to the site "" thorugh the IPS. After you have done th above, please try accessing the site again and now whatever events you see on the IPS should be related to this one. Hope this helps.




This Discussion