Cisco Support Community
New Member

Cisco IPS Manager Express 7.0.1

I just want to verify if the following is working properly:

- Under Configuration > IPS > Sensor Monitoring > Time-Based Actions > Host Blocks is configured properly

I have entered in a few hosts to be blocked and I notice the following:

- Under Connection Block Enabled tab it shows "false" for any host that I enter in. ??????

Thank you in advance for your assistance.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Cisco IPS Manager Express 7.0.1

False means that the blocking rule was not turned on (not enabled).

It means that someone might have configured the rule before but did not enable it.

If you click on the "Add" button, you would be able to see what I mean (the "Enable connection blocking" needs to be ticked to block the host configured), and it will show as "True" once you enable it.

Hope that answers your question.

4 REPLIES
Cisco Employee

Re: Cisco IPS Manager Express 7.0.1

The blocking feature on IPS relies on other network devices. IPS itself will not be blocking the hosts.

You would need to configure which network device will be blocking the host via:

Configuration --> Sensor Management --> Blocking --> Blocking Properties, Blocking Devices, and which interface of the network device will be performing the blocking.

Once the above has been configured, and through Monitoring --> Time Based Actions --> Host Blocks, IPS will send this request off to the network device configured above to be blocked.

Hope that helps.

New Member

Re: Cisco IPS Manager Express 7.0.1

Thanks for your response.

All that you have mentioned in regards to setting blocking up has been done and is working fine. My question is in regards to the wording that I am seeing if you go to Configuration > IPS > Sensor Monitoring > Time-Based Actions > Host Blocks. Under the Connection Block Enabled tab it shows "false". Is this what I should be seeing, as opposed to something else?

New Member

Cisco IPS Manager Express 7.0.1

Hi,

An additional question:

How do I configure it from the CLI? I couldn't find any command, and when I set it from IDM or Express (whether with this option enabled or disabled) it is not shown in the CLI.

Output from show statistics network-access:

    Current Configuration
       LogAllBlockEventsAndSensors = true
       EnableNvramWrite = false
       EnableAclLogging = false
       AllowSensorBlock = false
       BlockMaxEntries = 250
       MaxDeviceInterfaces = 250
    State
       BlockEnable = true
       BlockedAddr
          Host
             IP = 7.7.7.7
             Vlan =
             ActualIp =
             BlockMinutes = 60
             MinutesRemaining = 56
          Host
             IP = 9.9.9.9
             Vlan =
             ActualIp =
             BlockMinutes = 60
             MinutesRemaining = 57

What is more, when configuring the 7.7.7.7 rule I added a destination of 8.8.8.8; where is it stored?

regards
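
Added example, not part of the thread and not Cisco code: a Python parser for the `show statistics network-access` output posted above, which lists the host blocks the sensor currently holds and reports any expected address that is absent. The function names are hypothetical, and the sample is constructed from the values in the post with an assumed indentation that the parser ignores.

```python
# Constructed sample: values copied from the post above; indentation is assumed.
SAMPLE = """\
Current Configuration
   LogAllBlockEventsAndSensors = true
   EnableNvramWrite = false
   EnableAclLogging = false
   AllowSensorBlock = false
   BlockMaxEntries = 250
   MaxDeviceInterfaces = 250
State
   BlockEnable = true
   BlockedAddr
      Host
         IP = 7.7.7.7
         Vlan =
         ActualIp =
         BlockMinutes = 60
         MinutesRemaining = 56
      Host
         IP = 9.9.9.9
         Vlan =
         ActualIp =
         BlockMinutes = 60
         MinutesRemaining = 57
"""

def parse_network_access(text):
    """Return (settings, hosts); indentation and blank lines are ignored."""
    settings, hosts, current = {}, [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        if "=" not in line:
            # Section header: "Host" opens a new entry, any other header closes it.
            current = {} if line == "Host" else None
            if current is not None:
                hosts.append(current)
            continue
        key, _, value = line.partition("=")
        (settings if current is None else current)[key.strip()] = value.strip()
    return settings, hosts

def audit_blocks(text, expected_ips):
    """Compare the sensor's active host blocks with the addresses we expect."""
    settings, hosts = parse_network_access(text)
    active = {}
    for h in hosts:
        left = h.get("MinutesRemaining", "")
        active[h.get("IP", "")] = int(left) if left.isdigit() else None
    return {"block_enable": settings.get("BlockEnable") == "true",
            "active": active, "missing": sorted(set(expected_ips) - set(active))}
```

Run against the sample with 7.7.7.7, 9.9.9.9 and 8.8.8.8 as expected addresses, it reports 8.8.8.8 as missing, because the output in the post lists only the two blocked hosts.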
