I have an IPS-4260 in promiscuous mode, "IDS mode". I have to configure it to use an FWSM as a blocking device but I am not really sure about how to do it because I'm using multiple-context mode in the FWSM. I only want to shun traffic in one context (this is not the admin context).
When I configure the blocking devices in the IPS, should I configure the context as if it is a standalone firewall? Meaning that the IP address configured there would be an IP address to login directly into that context? Therefore, the IPS should have IP connectivity to that context in order to login to it, right?
From the sensor standpoint you will treat each FWSM context as a unique firewall with its own IP address unique to that context.
Understand that the IPS will send the same shun commands to every firewall (or every context) that is being managed.
So in your case the sensor will send all shuns to your firewall context even though some of the traffic being monitored may have come from other firewall contexts. You cannot designate which addresses to shun on which firewall/context.
We have configured the outside and inside Interface with official IPv6 addresses, set a default route on outside Interface to our router, we also have defined a rule, which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...