10-30-2002 10:49 AM - edited 02-20-2020 10:20 PM
I have a PIX 501 with a broadband connection to the outside and a home office LAN on the inside. What would be a solid IDS policy to activate and what interfaces should it be applied to? Will there be any other necessary steps to activate IDS?
Solved! Go to Solution.
10-30-2002 05:00 PM
IDS on the PIX itself is very limited, it only checks for 59 signatures listed here (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#xtocid9 under the Supported IDS signatures section). The signatures themselves are the fairly basic ones.
If you do want to enable this, then for the attack signatures I'd set the action to alarm/drop/reset, which is default anyway.
You'll also want to set up logging to a syslog server and monitor it for any 4000nn syslog messages, cause these will be IDS events.
10-30-2002 05:00 PM
IDS on the PIX itself is very limited, it only checks for 59 signatures listed here (http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/gl.htm#xtocid9 under the Supported IDS signatures section). The signatures themselves are the fairly basic ones.
If you do want to enable this, then for the attack signatures I'd set the action to alarm/drop/reset, which is default anyway.
You'll also want to set up logging to a syslog server and monitor it for any 4000nn syslog messages, cause these will be IDS events.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide