Cisco Systems 2.5 Network Router User Manual


Chapter 27 Cisco IOS IPS
Edit IPS
27-22
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Edit IPS: Global Settings
Several Cisco IOS IPS configuration options are available with Cisco IOS
12.4(11)T and later images. These are described in this help topic. Screen controls
and configuration options available prior to Cisco IOS 12.4(11)T, such as the
Syslog and SDEE global settings, are described in Edit IPS: Global Settings.
This help topic describes the Global Settings window that is displayed when the
router runs Cisco IOS 12.4(11)T and later releases.
Engine Options
The engine options available with Cisco IOS 12.4(11)T and later images are the
following:
Fail Closed—By default, while Cisco IOS compiles a new signature for a
particular engine, it allows packets to pass through without scanning for the
corresponding engine. When enabled, this option makes Cisco IOS drop
packets during the compilation process.
Deny Action on IPS Interface—We recommend this when the router is
performing load balancing. When enabled, this option causes Cisco IOS IPS
to enable ACLs on Cisco IOS IPS interfaces instead of enabling them on the
interfaces from which attack traffic came.
Edit IPS Prerequisites Table
This table displays information about how the router is provisioned for Cisco
IOS IPS. Click Edit to change any of these values. The sample data in the
following table indicates that the config location is the directory configloc in flash
memory, that the router is using the basic category of signatures, and that a public
key has been configured to allow the router to access the information in the
configloc directory.
Item Name            Item Value
Config Location      flash:/configloc/
Selected Category    basic
Public Key           Configured
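
The values shown in this window can also be checked offline from a saved router configuration. The following is an added example, not part of the Cisco guide: it parses a constructed configuration excerpt and reports the two engine options and the three prerequisites-table items. The IOS CLI lines it matches (`ip ips fail closed`, `ip ips deny-action ips-interface`, `ip ips config location`, `ip ips signature-category`, `named-key realm-cisco.pub`) are assumed to be the command-line counterparts of these settings on the image in use, and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt (not from the manual); key bytes are placeholders.
SAMPLE_CONFIG = """\
ip ips config location flash:/configloc/
ip ips deny-action ips-interface
!
ip ips signature-category
  category all
   retired true
  category ios_ips basic
   retired false
!
crypto key pubkey-chain rsa
 named-key realm-cisco.pub signature
  key-string
   00000000 00000000
  quit
"""

def audit_ips_globals(config_text):
    """Map IOS config lines to the values the Global Settings window displays."""
    state = {"fail_closed": False, "deny_action_on_ips_interface": False,
             "config_location": None, "selected_category": None,
             "public_key": "Not configured"}
    in_categories, current = False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():              # top-level command leaves any sub-mode
            in_categories = line == "ip ips signature-category"
            current = None
            if line == "ip ips fail closed":
                state["fail_closed"] = True
            elif line == "ip ips deny-action ips-interface":
                state["deny_action_on_ips_interface"] = True
            elif m := re.match(r"ip ips config location (\S+)", line):
                state["config_location"] = m.group(1)
        elif in_categories and line.startswith("category "):
            current = line.split()[-1]        # "category ios_ips basic" -> "basic"
        elif in_categories and line == "retired false":
            state["selected_category"] = current   # the un-retired category is in use
        elif line.startswith("named-key realm-cisco.pub"):
            state["public_key"] = "Configured"
    return state

def findings(state):
    """Flag the engine option that leaves traffic unscanned during compilation."""
    if state["fail_closed"]:
        return []
    return ["Fail Closed is off: packets pass unscanned for an engine while its signatures compile"]

if __name__ == "__main__":
    print(audit_ips_globals(SAMPLE_CONFIG), findings(audit_ips_globals(SAMPLE_CONFIG)))
```

Run against the sample, the result matches the table above, and the Fail Closed finding is raised because the excerpt leaves that option at its default.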