New Member

ips 4255 interface pair

Hi,

I'm deploying IPS 4255 (5.0.4) at my customer site. I put the IPS between the internet router and firewall.

Gi0/2 is connected to the firewall and Gi0/3 is connected to the router. Is this the correct setup?

We use the default signature configuration.

After deployment, the users can't browse the internet, and we saw that some of the customer's public IPs are listed in the Active Host Blocks. Is this the default behavior?

Thank you.

Janto

3 REPLIES
New Member

Re: ips 4255 interface pair

On appliances, the sensing interfaces are disabled by default. On modules, the sensing interfaces are always enabled and cannot be disabled. The sensing interface does not have an IP address assigned to it and is therefore invisible to attackers. This lets the sensor monitor the data stream without letting attackers know they are being watched.

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_configuration_guide_chapter09186a0080459225.html

Re: ips 4255 interface pair

Hi Janto,

One of the actions you can take is to put the public IP used by your customer to go out to the Internet under the excluded IPs that the IDS will never block.

Some signatures are set by default to perform a blocking action when they see an 'attack'. This could be why the public IP was blocked, as it matches criteria that fall under those signatures, e.g. spoofing.

Cheers!

AK

New Member

Re: ips 4255 interface pair

Hi,

How do I exclude my public IP addresses?

Is it by configuring the event action rules?

Thank you.

Janto
