Cisco Systems ASA 5585-X Webcam User Manual


 
31-19
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 31 Configuring the ASA IPS Module
Managing the ASA IPS module
Step 3 Complete the Service Policy dialog box as desired. See the ASDM online help for more information
about these screens.
Step 4 Click Next. The Add Service Policy Rule Wizard - Traffic Classification Criteria dialog box appears.
Step 5 Complete the Traffic Classification Criteria dialog box as desired. See the ASDM online help for more
information about these screens.
Step 6 Click Next to show the Add Service Policy Rule Wizard - Rule Actions dialog box.
Step 7 Click the Intrusion Prevention tab.
Step 8 Check the Enable IPS for this traffic flow check box.
Step 9 In the Mode area, click Inline Mode or Promiscuous Mode. See the “Operating Modes” section on
page 31-3 for more information.
Step 10 In the If IPS Card Fails area, click Permit traffic or Close traffic. The Close traffic option sets the ASA
to block all traffic if the ASA IPS module is unavailable. The Permit traffic option sets the ASA to allow
all traffic through, uninspected, if the ASA IPS module is unavailable. For information about the IPS
Sensor Selection area, see the ASDM online help.
Step 11 (ASA 5510 and higher) From the IPS Sensor to use drop-down list, choose a virtual sensor name.
If you use virtual sensors, you can specify a sensor name using this option. If you use multiple context
mode on the ASA, you can only specify sensors that you assigned to the context (see the “Assigning
Virtual Sensors to a Security Context (ASA 5510 and Higher)” section on page 31-17). If you do not
specify a sensor name, then the traffic uses the default sensor. In multiple context mode, you can specify
a default sensor for the context. In single mode or if you do not specify a default sensor in multiple mode,
the traffic uses the default sensor that is set on the ASA IPS module.
Step 12 Click OK and then Apply.
Step 13 Repeat this procedure to configure additional traffic flows as desired.
Managing the ASA IPS module