Filter
Top Products
31-21
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 31 Configuring the ASA IPS Module
Managing the ASA IPS module
Managing the ASA IPS module
This section includes procedures that help you recover or troubleshoot the module and includes the
following topics:
• Installing and Booting an Image on the Module, page 31-21
• Shutting Down the Module, page 31-23
• Uninstalling a Software Module Image, page 31-23
• Resetting the Password, page 31-24
• Reloading or Resetting the Module, page 31-25
Installing and Booting an Image on the Module
If the module suffers a failure, and the module application image cannot run, you can reinstall a new
image on the module from a TFTP server (for a hardware module), or from the local disk (software
module).
Note Do not use the upgrade command within the module software to install the image.
Prerequisites
• Hardware module—Be sure the TFTP server that you specify can transfer files up to 60 MB in size.
Note This process can take approximately 15 minutes to complete, depending on your network
and the size of the image.
• Software module—Copy the image to the ASA internal flash (disk0) before completing this
procedure.
Step 7
(Optional)
ips {inline | promiscuous} {fail-close |
fail-open} [sensor {sensor_name |
mapped_name}]
Example:
ciscoasa(config-pmap-c)# ips promiscuous
fail-close
Specifies that the second class of traffic should be sent to the ASA
IPS module.
Add as many classes as desired by repeating these steps.
Step 8
service-policy policymap_name {global |
interface interface_name}
Example:
ciscoasa(config)# service-policy
tcp_bypass_policy outside
Activates the policy map on one or more interfaces. global applies
the policy map to all interfaces, and interface applies the policy
to one interface. Only one global policy is allowed. You can
override the global policy on an interface by applying a service
policy to that interface. You can only apply one policy map to
each interface.
Command Purpose