11-25-2002 11:31 AM - edited 03-09-2019 01:11 AM
We currently have a Cisco 6509 with an IDS blade being managed by the Cisco
Secure Policy Manager. I have three related questions. If I want
to enable the blocking function identified in the CSPM, i.e., be able to
automatically block certain types of alerts for a defined period of time,
can I perform this function by directing the internal MSFC routing module to
handle the blocking function, or do I have to perform this blocking function
with an external firewall or router? Related question: if we can use the MSFC
routing module, how does fast switching (route first, switch the rest) type
functionality affect this capability? Are there any performance benefits
to choosing one method over the other?
Thanks
Mike
11-25-2002 12:20 PM
The IDS blade can be configured within CSPM to perform the blocking on the MSFC similar to any other IOS router. It has been tested and is fully supported.
Alternatively, you can also configure the IDS blade to perform the blocking directly on the Supervisor using VLAN ACLs.
As for:
"Related question, if we can use the MSFC
routing module, how does fast switching (route first, switch the rest) type
functionality affect this capability. Are there any performance benefits
to choosing one method over the other."
Each time the ACLs on the MSFC are changed (by either a user or the IDS blade), the current streams are rechecked against the new ACL. So functionality-wise it works fine with fast switching.
I cannot, however, comment on the performance when using the MSFC or another device.