Re: Does PIX 515 Support IDS/IPS?

sam-lee · ‎02-24-2006

Recently I need to provide a firewall solution to my customer. I would like to propose Cisco PIX 515E to my customer. I knwo Cisco has a separate IDS (Intrusion Detection System) appliance, they didnt put too much effor into this category for their PIX firewall.

Anyhow, does the pix support IPS (Intrusion Prevention System) and IDS?

wsulym · ‎02-24-2006

The pix does have some ids built-in. It's a small subset of the IDS/IPS signatures offered by the appliances. The signature ID's are kept the same across hardware (so signature ID 1000 on a pix is the same signature as on an IDS/IPS appliance).

You add IDS functionality on the pix via "ip audit xxx" commands.

PIX OS 6.3:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727a9.html

PIX OS 7.1:

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fb9f7.html

(The 7.1 docs have a nice table of what signatures are supported natively by pis OS)

Those two links should provide you and overview of the IDS/IPS functionality and signatures available on the PIX itself.

ovt · ‎02-25-2006

Don't use built-in IDS in PIX. Either buy standalone sensor or ASA-5500 with AIP-SSM (which is IPS sensor too).

sam-lee · ‎02-26-2006

Hi,

Thank for your reply. Can you tell me why you do not recommand me to use built-in IDS in PIX?

ovt · ‎02-26-2006

Because its functionality is extremely limited.