cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
406
Views
0
Helpful
1
Replies

IOS FW/IPS on a 2651XM best practices

ph0enix
Level 1
Level 1

I have a 2651XM with 128MB and I'm trying to figure out what the best practices are as far as IPS is concerned. I downloaded the latest SDF and I'm trying to load all the threats (excluding the disabled ones) via SDM but for some reason the number that's actually gets applied is always lower than the original number listed when I first select them. I can see that the router runs out of memory while loading the definitions but I'd guess that that's normal. This happens even if I just try to load the ones with High severity. Am I doing something wrong? What's a good number of definitions given the the specs of my router. Also, can I automatically block all packets matched against IPS. Are the built-in definitions a waste of time or should I be using those?

Also, how would I go about creating my own SDF - I can see that hey come in XML format.

Thanks in advance!

1 Reply 1

carenas123
Level 5
Level 5

you can use this link for a bereinformaiom.

http://www.snort.org/pub-bin/sigs.cgi?sid=469

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: