Table of Contents
Advertisement
Edit IPS
Edit IPS: Global Settings
Engine Options
Edit IPS Prerequisites Table
Cisco Router and Security Device Manager 2.5 User's Guide
27-22
Several Cisco IOS IPS configuration options are available with Cisco IOS
12.4(11)T and later images. These are described in this help topic. Screen controls
and configuration options available prior to Cisco IOS 12.4(11)T, such as the
Syslog and SDEE global settings are described in
This help topic describes the Global Settings window that is displayed when the
router runs Cisco IOS 12.4(11)T and later releases.
The engine options available with Cisco IOS 12.4(11)T and later images are the
following:
Fail Closed—By default, while the Cisco IOS compiles a new signature for a
•
particular engine, it allows packets to pass through without scanning for the
corresponding engine. When enabled, this option makes the Cisco IOS drop
packets during the compilation process.
Deny Action on IPS Interface—We recommend this when the router is
•
performing load balancing. When enabled, this option causes Cisco IOS IPS
to enable ACLs on Cisco IOS IPS interfaces instead of enabling them on the
interfaces from which attack traffic came.
This table displays the information about how the router is provisioned for Cisco
IOS IPS. Click Edit to change any of these values. The sample data in the
following table indicated that the config location is the directory configloc in flash
memory, that the router is using the basic category of signatures, and that a public
key has been configured to allow the router to access the information in the
configloc directory.
Item Name
Config Location
Selected Category
Public Key
Chapter 27
Edit IPS: Global
Item Value
flash:/configloc/
basic
Configured
Cisco IOS IPS
Settings.
OL-4015-12
Advertisement
Table of Contents
Troubleshooting
