Cisco Support Community

Help with 4255

Hi All,

I have installed a 4255 sensor inline behind an ASA 5550 that connects to the Internet.

The problem is that the IPS is not tuned (brand-new) and as soon as we connect the IPS inline, the CPU goes up to 100% and stops the traffic flow in a matter of minutes.

Therefore we removed the IPS and everything went back to normal.

Now, I connected the 4255 in promiscuous mode (behind the ASA connected to the 4506 backbone switch), and I still see the CPU between 40% and 80%.

The sensor is running the latest image 7.0(2)E3 and the latest signature package S477.0.

My questions are:

1. Where do I check on the sensor exactly what it is doing, because we plan to leave the IPS in IDS mode for a couple of weeks? Is there some kind of report that I can get from it? What is the best way to check it out? I managed the sensor via IDM 7.0.

2. After getting the above information, what is the recommendation to tune the device? Disable signatures? How do I find out which signatures I need, and whether we are getting lots of false positives and/or false negatives?

3. Any other comments are appreciated!

Thank you All as always.

Federico.
