Filter
Top Products
27-17
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter 27 Cisco IOS IPS
Edit IPS
Use Built-in Signatures (as backup) (Global Engine Tab)
If Cisco IOS IPS does not find or fails to load signatures from the specified
locations, it can use the Cisco IOS built-in signatures to enable Cisco IOS IPS.
This option is enabled by default.
Enable Deny Action on IPS interface (Global Engine Tab)
This option is applicable if signature actions are configured to
“denyAttackerInline” or “denyFlowInline.” By default, Cisco IOS IPS applies
ACLs to the interfaces from which attack traffic came, and not to Cisco IOS IPS
interfaces. Enabling this option causes Cisco IOS IPS to apply the ACLs directly
to the Cisco IOS IPS interfaces, and not to the interfaces that originally received
the attack traffic. If the router is not performing load balancing, do not enable this
setting. If the router is performing load balancing, we recommend that you enable
this setting.
Timeout (Global Engine Tab)
This option lets you set the number of minutes, in the range of 0–65535, that shun
actions are to be in effect. The default value is 30 minutes. A shun action occurs
if a host or network is added to an ACL to deny traffic from that host or network.
Add or Edit a Signature Location
Specify the location from which Cisco IOS IPS should load an SDF. To specify
multiple SDF locations, open this dialog again and enter the information for
another SDF.
Specify SDF on this router
Specify the part of router memory in which the SDF is located by using the
Location drop-down menu. For example: the menu could have the entries disk0,
usbflash1, and flash. Then choose the filename by clicking the down arrow next
to the File Name field or enter the filename in the File Name field.
Specify SDF using URL
If the SDF is located on a remote system, you can specify the URL at which it
resides.