Cisco Support Community
IDSM-2 disable tcp reset and RiskRating

Hi all, I have an IDSM-2 and it's not yet in production because I need to set the IDSM-2 to just monitor the connection and not take any action...

The module is in the default signatures configuration and some of the active signatures have the TCP reset option marked.... and some signatures have RiskRating set to 100. It's a problem because the Event action rule will drop the signatures with a risk rating of 100.

Is there any way to have the IDS just in monitoring state?

How can I do it?

The IDSM-2 is in promiscuous mode... and I have about 50 VLANs going through the module with a SPAN configuration

Thanks in advance.

Fabio


Re: IDSM-2 disable tcp reset and RiskRating

Yes, you may use the IDSM2 in promiscuous mode to monitor a SPAN session. It is the best way in your case because the module will not affect the traffic.

But you can also disable the event action for high-risk-rating signatures. I think it will be useful because you have 50 VLANs and this amount of traffic may cause high CPU load.
