TCC_2

Resolution

The Cisco PIX Firewall added Intrusion Detection System (IDS) support in PIX Software version 5.2. The IDS signatures are divided into two categories: info (informational) signatures and attack signatures. The IDS feature is not enabled by default; the ip audit commands define an audit policy and apply it to traffic arriving on an interface. When a packet matches an IDS signature, the PIX can perform one or more of the following actions on it:

  • Alarm (write a syslog message)

  • Drop (drop the packet), or

  • Reset (send a reset packet to the sender)

In the following example, the PIX is configured to log all info signatures, and to log, drop and reset all attack signatures coming into the PIX Firewall through the outside interface. The ip audit name commands define the two policies; the ip audit interface commands bind them to the outside interface, and without that binding no inspection takes place.

ip audit name info_sigs info action alarm
ip audit name attack_sigs attack action alarm drop reset
ip audit interface outside info_sigs
ip audit interface outside attack_sigs

Refer to the PIX Firewall Configuration section of Configuring the Cisco Secure PIX Firewall with Three Internal Networks for a typical example of how to configure IP audit on the PIX Firewall.
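As an added example, not part of the original post, the following is a complete ip audit deployment on PIX 6.x that extends the two-line snippet above with the interface binding, the global default actions, tuning of a single signature, and the show/clear commands used to verify the policy. The interface and policy names are assumptions; lines beginning with a colon are PIX configuration comments.

```text
: Added example (not from the original post). Interface and policy
: names are assumed; signature 2004 is ICMP echo request in the PIX list.
:
: 1. One policy per signature class. Info signatures only generate a
:    syslog message; attack signatures are logged, dropped and reset.
ip audit name outside_info info action alarm
ip audit name outside_attack attack action alarm drop reset
:
: 2. Bind both policies to the interface. Defining a policy without
:    binding it inspects nothing.
ip audit interface outside outside_info
ip audit interface outside outside_attack
:
: 3. Global default actions, used for signature matches on any interface
:    that has no named policy of that class (the default is alarm only).
ip audit info action alarm
ip audit attack action alarm drop
:
: 4. Tune a single signature. A monitoring host that pings the outside
:    address all day would otherwise flood syslog with info alarms, so
:    the echo request signature is disabled; all other signatures stay on.
ip audit signature 2004 disable
:
: 5. Verify the policy (exec mode): per-signature hit counters for the
:    interface, then reset them after the change to get a clean baseline.
show ip audit count interface outside
clear ip audit count
```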
