Cisco OL-4015-08 User Manual page 418

IPS Rules
Inbound IPS/Outbound IPS
VFR Status
Description
IPS Filter Details
Cisco Router and Security Device Manager Version 2.2 User's Guide
19-36
Unnumbered—The router will use one of a pool of IP addresses supplied by
•
your service provider for your router, and for the devices on the LAN.
Not Applicable—The interface type cannot be assigned an IP address.
•
Enabled—IPS is enabled for this traffic direction.
•
Disabled—IPS is disabled for this traffic direction.
•
Virtual Fragment Reassembly (VFR) status. Possible values:
On—VFR is enabled
•
Off—VFR is disabled
•
IPS cannot identify the contents of IP fragments nor can it gather port information
from the fragment in order to match it with a signature. These inabilities allow the
fragments to pass through the network without being examined or without
dynamic access control list (ACL) creation.
VFR enables the Cisco IOS Firewall to create the appropriate dynamic ACLs,
thereby, protecting the network from various fragmentation attacks.
A description of the connection, if one has been added.
If no filter has been applied to traffic, this area contains no entries. If a filter is
applied, the name or number of the ACL is shown in parentheses.
Inbound/Outbound Filter Buttons
Click to view the entries of the filter applied to inbound or outbound traffic.
Field Descriptions
Action—Whether the traffic is permitted or denied
Chapter 19 Intrusion Prevention System
OL-4015-08