I have a 2651XM with 128MB and I'm trying to figure out what the best practices are as far as IPS is concerned. I downloaded the latest SDF and I'm trying to load all the threats (excluding the disabled ones) via SDM but for some reason the number that's actually gets applied is always lower than the original number listed when I first select them. I can see that the router runs out of memory while loading the definitions but I'd guess that that's normal. This happens even if I just try to load the ones with High severity. Am I doing something wrong? What's a good number of definitions given the the specs of my router. Also, can I automatically block all packets matched against IPS. Are the built-in definitions a waste of time or should I be using those?
Also, how would I go about creating my own SDF - I can see that hey come in XML format.
Thanks in advance!