I am quite confused about the way the IPS does its proactive measures...
I understood that the IPS uses 2 monitoring interfaces to do inline mode.
1. Could the IPS do blocking by itself alone? I ask this because some articles say that it has to modify some ACL either on firewalls or routers to do the blocking.
2. If it's true that it has to do blocking with the aid of other Cisco devices, then am I right in saying that Cisco IPS is not suited to an environment where Cisco routers or firewalls are not present?
3. Is it right to say that if an IPS monitoring interface is in promiscuous mode, then it is only acting as an IDS (not IPS)? And if it is in this mode, can it still do blocking?

1.- It can do both. It can block traffic as it traverses the sensing interfaces, and it can also modify access lists on routers and firewalls (known as managed devices) to mitigate attacks on the enterprise.
2.- That is correct. You can only use Cisco switches, routers and firewalls as managed devices using the sensor.
3.- Correct, promiscuous mode is IDS. You can reset connections using the reset interface. You can do blocking, but you need the assistance of other devices such as routers and firewalls, again Cisco based.