Cisco Support Community
Community Member

Using blocking on our IPS Sensor

I currently have a Cisco IPS 4240 employed inline in my customer's network. It is inside of the border router, and in front of the outside firewall which protects the DMZ.

The IPS is already configured to block certain types of packets inline. I was reading about blocking and the ability of the IPS Sensor to manage other devices (both our border router, which is a 3825, and our ASA, which is a 5520, are capable of being managed for blocking purposes).

Can someone give me a practical example of why I might want to configure either the border router or the ASA to block for the Sensor?

Thanks

2 REPLIES
Gold

Re: Using blocking on our IPS Sensor

I think that capability existed before the inline existed. However, there still may be good reasons to use it. You could deny an attacker at the border [and any other border] and prevent packets from hitting networks and devices that are either before the IPS or not protected by it inline at all.

Community Member

Re: Using blocking on our IPS Sensor

That's a good answer. My customer does not have any devices between the border router and the IPS, so perhaps we do not need to use any blocking... What about blocking things coming from inside networks? We have a DMZ that is separated by ASAs on both sides, and both of these are inside of the IPS unit?
