Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Block Ares with AIP-SSM

Hi,

One of my costumers has the urgent need to block one p2p application named ares. I searched in the p2p signature database and i found signatures for kazza, gnutella, imesh,etc , but didnt find any reference to this application.

Any ideas how can i block ares with an AIP-SSM ?

Regards

1 REPLY
Bronze

Re: Block Ares with AIP-SSM

The AIP SSM can operate in one of two modes, such as:

Inline modeThis mode places the AIP SSM directly in the traffic flow. You must first pass through and be inspected by the AIP SSM before you can continue through the adaptive security appliance.

This mode is the most secure because every packet is analyzed before it is allowed through. Also, the AIP SSM can implement a blocking policy on a packet-by-packet basis. But, this mode can affect throughput. Use the Inline keyword of the ips command in order to specify this mode.

Promiscuous modeIn this mode, a duplicate stream of traffic is sent to the AIP SSM. This mode is less secure. The SSM that operates in promiscuous mode instructs the adaptive security appliance to shun the traffic or resets a connection on the adaptive security appliance in order to block traffic.

Also, while the AIP SSM analyzes the traffic, a small amount of traffic possibly passes through the adaptive security appliance before the AIP SSM can block it. Use the Promiscuous keyword of the ips command in order to specify this mode.

195
Views
0
Helpful
1
Replies
CreatePlease to create content