Re: IPS 4260-70 Events to Saalt - RSA using PORT 443
Cisco's IPS sensors do not send events by default; they make use of the Security Device Event Exchange (SDEE) protocol in a client-server implementation (the IPS being the server and the remote application being the client). By default, the IPS will listen on TCP port 443 for SDEE connections requesting events or opening a SDEE subscription. The remote application (Saalt?) should require configuring the IP address of the IPS and a username/password for logging into the IPS. The IPS will need an access list entry for the remote application host to allow successful communication.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...