Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

inbound vs outbound traffic

I have a 4240 running IPS 6.0. I have an interface in promiscuous mode that is connected to a port that has SPAN enabled on the uplink from a switch to my router. I'm doing some testing and noticed that when using nmap from a host on the same network as the IPS sensor to a host on a remote subnet that requires me to send my traffic through the uplink port in an outbound direction no signatures are triggered. However, if I do the same scan reversing the location of the attacker and victim the sensor immediately picks up the scan and triggers the appropriate signatures. Why would this behaviour occurr and is there a way to change it?

thank you,

Bill

229
Views
0
Helpful
0
Replies
CreatePlease to create content