Cisco Support Community
Community Member

manual blocking using IDS

Hi All,

I tried to use IDS to block traffic. I have configured the logical device and added the blocking router with all passwords, but after I configured the blocking, the IDS did not apply the ACL to the router... Just don't know which step is wrong.

And I cannot find anywhere in the IDS to monitor which equipment has applied the blocking... Can anybody give me some ideas? Thank you!

Best Regards

Teru Lei

Cisco Employee

Re: manual blocking using IDS

How did you configure the sensor? Did you use the CLI? If so, do a show statistics network-access. You will see the current status of the connection and any active blocks. Look for the word "active" for the router. You said you set up the logical device and the router. Did you also set up an interface on the router?

Community Member

Re: manual blocking using IDS

Thank you! I use the GUI to configure the IDS. I will check my config again.

Cisco Employee

Re: manual blocking using IDS

Go to the monitoring tab and make sure the blocks are listed. Go to the blocking config and router interfaces. Still a good bet to go to the CLI and check stats there.
