Table of Contents
Advertisement
Global Settings
Notification Method Status
Syslog
SDEE
SDEE Events
SDEE Subscription
Engine Options
Shun Events
Configured SDF Locations
Cisco Router and Security Device Manager Version 2.2 User's Guide
19-52
If Enabled, then notifications are sent to the syslog server specified in System
Properties.
Security Device Event Exchange. If Enabled, SDEE events are generated.
The number of SDEE events to store in the router's buffer.
The number of concurrent SDEE subscriptions.
The engine options are the following:
Fail Closed—By default, while IOS compiles a new signature for a particular
•
engine, it allows packets to pass through without scanning for the
corresponding engine. When enabled, this option makes IOS drop packets
during the compilation process.
•
Use Built-in Signatures (as backup)—If IPS does not find or fails to load
signatures from the specified location(s), it can use the IOS built-in
signatures to enable IPS. This option is enabled by default.
Deny Action on IPS Interface—Recommended when router is performing
•
load balancing. When enabled, this option causes IPS to enable ACLs on IPS
interfaces instead of enabling them on the interfaces from which attack
traffic came.
This category uses the Shun Time parameter. Shun Time is the amount of time
that shun actions are to be in effect.
A signature location is an URL that provides a path to an SDF. To find an SDF,
the router attempts to contact the first location in the list. If it fails, it tries each
subsequent location in turn, until it finds an SDF.
Add Button
Click to add an URL to the list.
Edit Button
Click to edit a selected location.
Chapter 19
Intrusion Prevention System
OL-4015-08
Advertisement
Table of Contents
Troubleshooting
