I have installed a 4255 sensor inline behind an ASA 5550 that connects to the Internet.
The problem is that the IPS is not tuned (brand-new) and as soon as we connect the IPS inline, the CPU goes up to 100% and stops the traffic flow in a matter of minutes.
Therefore we removed the IPS and everything went back to normal.
Now, I connected the 4255 in promiscuous mode (behind the ASA connected to the 4506 backbone Switch), and I still see the CPU between 40% to 80%
The sensor is running the latest image 7.0(2)E3 and the latest signature package S477.0
My questions are:
1. Where do I check on the sensor exactly what is it doing, because we plan to leave the IPS in IDS mode for a couple of weeks. Are there some kind of reports that I can get from it? What is the best way to check it out? I managed the sensor via IDM 7.0
2. After getting the above information what is the recomendation to tune the device? Disable signatures? How do I find out which signatures do I need and if we are getting lots of false positives and/or false negatives?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...