
ASA 5510 with IPS policies are firing but action is not taken with IPS in inline configuration.

munkworks
Level 1

Hello,

We have an ASA 5510 with the SSM-10 module installed. ASA is running version 8.2 and IPS is version 7.1. We have put the module into inline mode in order for it to actively deny traffic, but we see policies that are firing without being acted upon. Not sure if this is a misconfiguration on our part or something else. Attached is the IPS statistics printout. If someone has any suggestions from looking at this printout, please comment.

Thanks folks.

-----Transaction Server Statistics-----
  section General
      totalControlTransactions 3217
      failedControlTransactions 4

-----Virtual Sensor Statistics-----
  section Virtual Sensor Statistics
    section Statistics for Virtual Sensor vs0
        Name of current Signature-Defintion instance sig0
        Name of current Event-Action-Rules instance rules0
        List of interfaces monitored by this virtual sensor GigabitEthernet0/1 subinterface 0
      section General Statistics for this Virtual Sensor
          Number of seconds since a reset of the statistics 47913
          MemoryAlloPercent 47
          MemoryUsedPercent 42
          MemoryMaxCapacity 500000
          MemoryMaxHighUsed 2826897
          MemoryCurrentAllo 237068
          MemoryCurrentUsed 212840
          Inspection Load Percentage 14
          Total packets processed since reset 34505688
          Total IP packets processed since reset 34505688
          Total IPv4 packets processed since reset 34505688
          Total IPv6 packets processed since reset 0
          Total IPv6 AH packets processed since reset 0
          Total IPv6 ESP packets processed since reset 0
          Total IPv6 Fragment packets processed since reset 0
          Total IPv6 Routing Header packets processed since reset 0
          Total IPv6 ICMP packets processed since reset 0
          Total packets that were not IP processed since reset 0
          Total TCP packets processed since reset 34325323
          Total UDP packets processed since reset 167065
          Total ICMP packets processed since reset 13300
          Total packets that were not TCP, UDP, or ICMP processed since reset 0
          Total ARP packets processed since reset 0
          Total ISL encapsulated packets processed since reset 0
          Total 802.1q encapsulated packets processed since reset 0
          Total GRE Packets processed since reset 0
          Total GRE Fragment Packets processed since reset 0
          Total GRE Packets skipped since reset 0
          Total GRE Packets with Bad Header skipped since reset 0
          Total IpIp Packets with Bad Header skipped since reset 0
          Total Encapsulated Tunnel Packets with Bad Header skipped since reset 0
          Total packets with bad IP checksums processed since reset 0
          Total packets with bad layer 4 checksums processed since reset 4
          Total cross queue TCP packets processed since reset 0
          Total cross queue UDP packets processed since reset 0
          HTTP transfer encoding errors 0
          HTTP content encoding errors 0
          HTTP character encoding errors 0
          HTTP connection out of sync 0
          HTTP pipelining or persistence out of sync 0
          Total number of bytes processed since reset 3759758068
          The rate of packets per second since reset 720
          The rate of bytes per second since reset 78470
          The average bytes per packet since reset 108
      section Denied Address Information
          Number of Active Denied Attackers 0
          Number of Denied Attackers Inserted 1
          Number of Denied Attacker Victim Pairs Inserted 0
          Number of Denied Attacker Service Pairs Inserted 0
          Number of Denied Attackers Total Hits 1
          Number of times max-denied-attackers limited creation of new entry 0
          Number of exec Clear commands during uptime 0
      section Denied Attackers and hit count for each.
      section Denied Attackers with percent denied and hit count for each.
      section The Signature Database Statistics.
        section The Number of each type of node active in the system
            Total nodes active 12754
            TCP nodes keyed on both IP addresses and both ports 2640
            UDP nodes keyed on both IP addresses and both ports 9
            IP nodes keyed on both IP addresses 1413
        section The number of each type of node inserted since reset
            Total nodes inserted 22856965
            TCP nodes keyed on both IP addresses and both ports 6605775
            UDP nodes keyed on both IP addresses and both ports 77832
            IP nodes keyed on both IP addresses 1331670
        section The rate of nodes per second for each time since reset
            Nodes per second 477
            TCP nodes keyed on both IP addresses and both ports per second 137
            UDP nodes keyed on both IP addresses and both ports per second 1
            IP nodes keyed on both IP addresses per second 27
        section The number of root nodes forced to expire because of memory constraints
            TCP nodes keyed on both IP addresses and both ports 0
          Packets dropped because they would exceed Database insertion rate limits 0
      section Fragment Reassembly Unit Statistics for this Virtual Sensor
          Number of fragments currently in FRU 0
          Number of datagrams currently in FRU 0
          Number of fragments received since reset 19
          Number of fragments forwarded since reset 19
          Number of fragments dropped since last reset 0
          Number of fragments modified since last reset 0
          Number of complete datagrams reassembled since last reset 4
          Fragments hitting too many fragments condition since last reset 0
          Number of overlapping fragments since last reset 0
          Number of Datagrams too big since last reset 0
          Number of overwriting fragments since last reset 0
          Number of Inital fragment missing since last reset 0
          Fragments hitting the max partial dgrams limit since last reset 0
          Fragments too small since last reset 0
          Too many fragments per dgram limit since last reset 0
          Number of datagram reassembly timeout since last reset 0
          Too many fragments claiming to be the last since last reset 0
          Fragments with bad fragment flags since last reset 0
      section TCP Normalizer stage statistics
          Packets Input 32172092
          Packets Modified 0
          Dropped packets from queue 0
          Dropped packets due to deny-connection 0
          Duplicate Packets 0
          Current Streams 2640
          Current Streams Closed 0
          Current Streams Closing 0
          Current Streams Embryonic 0
          Current Streams Established 0
          Current Streams Denied 0
          Total SendAck Limited Packets 0
          Total SendAck Limited Streams 0
          Total SendAck Packets Sent 0
      section Statistics for the TCP Stream Reassembly Unit
        section Current Statistics for the TCP Stream Reassembly Unit
            TCP streams currently in the embryonic state 0
            TCP streams currently in the established state 0
            TCP streams currently in the closing state 0
            TCP streams currently in the system 0
            TCP Packets currently queued for reassembly 0
        section Cumulative Statistics for the TCP Stream Reassembly Unit since reset
            TCP streams that have been tracked since last reset 0
            TCP streams that had a gap in the sequence jumped 0
            TCP streams that was abandoned due to a gap in the sequence 0
            TCP packets that arrived out of sequence order for their stream 0
            TCP packets that arrived out of state order for their stream 0
            The rate of TCP connections tracked per second since reset 0
  section SigEvent Preliminary Stage Statistics
          Number of Alerts received 35195507
          Number of Alerts Consumed by AlertInterval 17188269
          Number of Alerts Consumed by Event Count 17999591
          Number of FireOnce First Alerts 0
          Number of FireOnce Intermediate Alerts 0
          Number of Summary First Alerts  37
          Number of Summary Intermediate Alerts  1
          Number of Regular Summary Final Alerts  1
          Number of Global Summary Final Alerts  0
          Number of Active SigEventDataNodes  11594
          Number of Alerts Output for further processing 7647
        section Per-Signature SigEvent count since reset
            Sig 2157.1 247
            Sig 3051.0 811075
            Sig 3051.1 17188269
            Sig 6009.0 17188269
            Sig 6901.0 1474
            Sig 6902.0 1474
            Sig 6903.0 1474
            Sig 6910.0 1593
            Sig 6920.0 1593
            Sig 20059.1 12
            Sig 23782.2 26
            Sig 28779.0 1
      section SigEvent Action Override Stage Statistics
          Number of Alerts received to Action Override Processor 7579
          Number Of Meta Components Input 38
          Number of Alerts where an override was applied 7579
          Number of Alerts where a Trait override was applied 7579
        section Actions Added
            deny-attacker-inline 1
            deny-attacker-victim-pair-inline 1
            deny-attacker-service-pair-inline 1
            deny-connection-inline 7579
            deny-packet-inline 1
            modify-packet-inline 0
            log-attacker-packets 1
            log-pair-packets 1
            log-victim-packets 1
            produce-alert 0
            produce-verbose-alert 0
            request-block-connection 7349
            request-block-host 5928
            request-snmp-trap 0
            reset-tcp-connection 7579
            request-rate-limit 0
  section SigEvent Action Filter Stage Statistics
          Number of Alerts received to Action Filter Processor 0
          Number of Alerts where an action was filtered 0
          Number of Filter Line matches 0
          Number of Filter Line matches causing decreased DenyPercentage 0
        section Actions Filtered
            deny-attacker-inline 0
            deny-attacker-victim-pair-inline 0
            deny-attacker-service-pair-inline 0
            deny-connection-inline 0
            deny-packet-inline 0
            modify-packet-inline 0
            log-attacker-packets 0
            log-pair-packets 0
            log-victim-packets 0
            produce-alert 0
            produce-verbose-alert 0
            request-block-connection 0
            request-block-host 0
            request-snmp-trap 0
            reset-tcp-connection 0
            request-rate-limit 0
        section Filter Hit Counts
      section SigEvent Action Handling Stage Statistics.
          Number of Alerts received to Action Handling Processor 7609
          Number of Alerts where produceAlert was forced 0
          Number of Alerts where produceAlert was off 0
          Number of Alerts using Auto One Way Reset 0
        section Actions Performed
            deny-attacker-inline 1
            deny-attacker-victim-pair-inline 1
            deny-attacker-service-pair-inline 1
            deny-connection-inline 0
            deny-packet-inline 1
            modify-packet-inline 0
            log-attacker-packets 7609
            log-pair-packets 7609
            log-victim-packets 7609
            produce-alert 7609
            produce-verbose-alert 0
            request-block-connection 1
            request-block-host 1
            request-snmp-trap 0
            reset-tcp-connection 0
            request-rate-limit 0
    section Deny Actions Requested in Promiscuous Mode
            deny-packet not performed 7608
            deny-connection not performed 0
            deny-attacker not performed 7608
            deny-attacker-victim-pair not performed 7608
            deny-attacker-service-pair not performed 7608
            modify-packet not performed 0
          Number of Alerts where deny-connection was forced for deny-packet action 0
          Number of Alerts where deny-packet was forced for non-TCP deny-connection action 1
      section Anomaly Detection Statistics
        section Number of Received Packets:
            TCP 0
            UDP 0
            Other 0
            TOTAL 0
        section Number of Overrun Packets:
            TCP 0
            UDP 0
            Other 0
            TOTAL 0
          Number of Ignored Packets 0
          Number of Events 16164879
        section Number of Recurrent Events:
            TCP 233461
            UDP 10822
            Other 0
            TOTAL 244283
          Number of Worms 0
          Number of Scanners 0
          Number of Scanners Under Worm 0
        section Internal Zone
          section Number of Events:
              TCP 0
              UDP 0
              Other 0
              TOTAL 0
          section Number of Overrun Events:
              TCP 0
              UDP 0
              Other 0
              TOTAL 0
        section External Zone
          section Number of Events:
              TCP 16069562
              UDP 89570
              Other 5747
              TOTAL 16164879
          section Number of Overrun Events:
              TCP 0
              UDP 0
              Other 0
              TOTAL 0
        section Illegal Zone
          section Number of Events:
              TCP 0
              UDP 0
              Other 0
              TOTAL 0
          section Number of Overrun Events:
              TCP 0
              UDP 0
              Other 0
              TOTAL 0
        section Global Utilization Percentage
          section Unestablished Connections DB
              TCP 0
              UDP 0
              Other 0
          section Recurrent Events DB
              TCP 0
              UDP 0
              Other 0
          section Scanners DB
              TCP 0
              UDP 0
              Other 0

-----Web Server Statistics-----
  section listener-443
    section session-6
        remote host 192.168.1.2
        session is persistent yes
        number of requests serviced on current connection 11
        last status code 200
        last request method POST
        last request URI cgi-bin/transaction-server
        last protocol version HTTP/1.1
        session state processingPostServlet
      number of server session requests handled 2967
      number of server session requests rejected 0
      total HTTP requests handled 3328
      maximum number of session objects allowed 40
      number of idle allocated session objects 9
      number of busy allocated session objects 1
  section summarized log messages
      number of TCP socket failure messages logged 0
      number of TLS socket failure messages logged 0
      number of TLS protocol failure messages logged 0
      number of TLS connection failure messages logged 0
      number of TLS crypto warning messages logged 0
      number of TLS expired certificate warning messages logged 0
      number of receipt of TLS fatal alert message messages logged 0
    crypto library version 6.2.1.0
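As an added illustration (not code from the post or from Cisco), the script below parses the "Actions Added", "Actions Performed" and "Deny Actions Requested in Promiscuous Mode" sections of a printout like the one above and reports deny actions that were requested but not performed. It assumes the plain-text "section <name>" / "<counter> <value>" layout shown in the post; the embedded sample is a constructed excerpt of that printout with the same section names and values.

```python
import re

# Constructed excerpt of the statistics printout above, trimmed to the counters
# this check reads; section names and values are copied from the post.
SAMPLE = """\
      section SigEvent Action Override Stage Statistics
        section Actions Added
            deny-attacker-inline 1
            deny-connection-inline 7579
            deny-packet-inline 1
      section SigEvent Action Handling Stage Statistics.
        section Actions Performed
            deny-attacker-inline 1
            deny-connection-inline 0
            deny-packet-inline 1
    section Deny Actions Requested in Promiscuous Mode
            deny-packet not performed 7608
            deny-connection not performed 0
            deny-attacker not performed 7608
"""

DENY_ACTIONS = ("deny-attacker-inline", "deny-connection-inline", "deny-packet-inline")

def parse_sections(text):
    """Map each 'section <name>' header to the {counter: value} lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r"\s*section (.+?)\.?\s*$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
            continue
        counter = re.match(r"\s*(.+?)\s+(\d+)\s*$", line)
        if counter and current is not None:
            sections[current][counter.group(1)] = int(counter.group(2))
    return sections

def check_inline_actions(text):
    """Deny actions requested (Actions Added) but not performed, plus the total the
    sensor files under 'Deny Actions Requested in Promiscuous Mode'."""
    s = parse_sections(text)
    added, done = s.get("Actions Added", {}), s.get("Actions Performed", {})
    promisc = s.get("Deny Actions Requested in Promiscuous Mode", {})
    shortfall = [(a, added.get(a, 0), done.get(a, 0))
                 for a in DENY_ACTIONS if added.get(a, 0) > done.get(a, 0)]
    not_performed = sum(v for k, v in promisc.items() if k.endswith("not performed"))
    return {"shortfall": shortfall, "promiscuous_not_performed": not_performed,
            "inline_effective": not shortfall and not_performed == 0}
```

On the full printout it flags deny-connection-inline as added 7579 times but performed 0 times, and sums the deny-packet and deny-attacker requests the sensor lists as not performed in promiscuous mode, which is exactly the discrepancy the question is about.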

1 Reply

game123
Level 1

Try using the GUI (IDM/IME) and verify your trigger actions. There are many options.

Select options like deny packet inline or deny attacker inline, etc.
