Hi, I just got my ASA 5520 firewall with (ASA SSM-20 module), and would be grateful if anyone could inform me about these questions concerning IPS features.
1. in the signature configuration of aip-ssm most signatures are set with action produce alert even virus, why? I suppose that I have to go trough all signatures and set the action to, for example deny packet inline for virus.
2. With an update of the signatures will the changes be lost or unchanged?
3. will the configuration example below include all the signature features and at the same time protect against vpn traffic (outside->inside)
Normally, the action "produce-alert" writes the event to the Event Store as an alert. In this scenario, a virus signature is set with action "produce-alert".So, when a virus matching with the configured signature is detected by the sensor, it looks at the corresponding signature action and performs accordingly. In this case, the signature action is " produce-alert", this means that the sensor writes this virus event to the event store as an alert.This will help in identifying the virus at its arrival and also produces alert so that precautionary steps can be taken.
If you have any further doubts, the following document will completely clarify all your doubts:
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :