Configuring Ip Audit For Basic Ips Support - Cisco FirePOWER ASA 5500 series Configuration Manual

Chapter 23
Preventing Network Attacks
To drop an existing connection in addition to blocking future connections from the source IP address,
also enter the destination IP address, the source and destination ports, and the protocol. If you omit the
protocol, it defaults to 0, meaning IP.
In multiple context mode, you can enter this command in the admin context; by specifying a VLAN ID
that is assigned to an interface in another context, you can shun the connection in that context.
Step 3
To remove the shun, enter the following command:
hostname(config)# no shun src_ip [vlan vlan_id]
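The following session, added here as an example and not taken from the Cisco guide, shows the full shun procedure that this section only closes out: blocking a source, dropping one existing connection, shunning across contexts by VLAN, and removing the shun afterwards. The addresses, ports and VLAN ID are constructed placeholders, and the complete shun syntax (shun src_ip [dst_ip src_port dst_port [protocol]] [vlan vlan_id]) comes from the Cisco Security Appliance Command Reference rather than from this page.

```cisco
! Added example (not from the page). Addresses, ports and the VLAN ID are placeholders.

! Block all future connections from 192.0.2.77; existing connections are left alone
hostname(config)# shun 192.0.2.77

! Also drop the existing TCP connection 192.0.2.77:4412 -> 198.51.100.10:443
! (protocol 6 = TCP; leaving the protocol out defaults it to 0, i.e. any IP protocol)
hostname(config)# shun 192.0.2.77 198.51.100.10 4412 443 6

! Multiple context mode: from the admin context, shun on a VLAN owned by another context
hostname(config)# shun 192.0.2.77 vlan 210

! Confirm the active shuns, then remove them once the incident is closed
hostname(config)# show shun
hostname(config)# no shun 192.0.2.77 vlan 210
hostname(config)# no shun 192.0.2.77
```

A shun is not saved to the configuration and does not survive a reload, so treat it as an incident-response control and pair it with an access list if the block needs to persist.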

Configuring IP Audit for Basic IPS Support

The IP audit feature provides basic IPS support for a security appliance that does not have an AIP SSM.
It supports a basic list of signatures, and you can configure the security appliance to perform one or more
actions on traffic that matches a signature.
To enable IP audit, perform the following steps:
Step 1
To define an IP audit policy for informational signatures, enter the following command:
hostname(config)# ip audit name name info [action [alarm] [drop] [reset]]
The alarm action generates a system message showing that a packet matched a signature, drop drops
the packet, and reset drops the packet and closes the connection. If you do not specify an action, the
default action is to generate an alarm.
Step 2
To define an IP audit policy for attack signatures, enter the following command:
hostname(config)# ip audit name name attack [action [alarm] [drop] [reset]]
The actions have the same meaning as for informational signatures: alarm generates a system message,
drop drops the packet, and reset drops the packet and closes the connection. If you do not specify an
action, the default action is to generate an alarm.
Step 3
To assign the policy to an interface, enter the following command:
hostname(config)# ip audit interface interface_name policy_name
Step 4
To disable signatures, or for more information about signatures, see the ip audit signature command in
the Cisco Security Appliance Command Reference.
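The following configuration, added here as an example and not taken from the Cisco guide, carries Steps 1 through 4 through on one appliance: an informational policy that only logs, an attack policy that logs, drops and resets, both bound to the untrusted interface, plus the optional signature tuning and the counter check. The interface name "outside" and the policy names are assumptions; the ip audit signature disable and show ip audit count commands are from the Cisco Security Appliance Command Reference, not from this page, and the signature number is one to verify against your software version.

```cisco
! Added example (not from the page). Interface and policy names are assumptions.

! Step 1: informational signatures only raise a syslog message (the default action)
hostname(config)# ip audit name edge-info info action alarm

! Step 2: attack signatures are logged, the matching packet is dropped and the
! connection is reset
hostname(config)# ip audit name edge-attack attack action alarm drop reset

! Step 3: an interface can carry one info policy and one attack policy at the same time
hostname(config)# ip audit interface outside edge-info
hostname(config)# ip audit interface outside edge-attack

! Step 4 (optional): silence a noisy signature. 2004 is ICMP echo request in the
! ip audit signature table of the command reference; confirm the number for your release
hostname(config)# ip audit signature 2004 disable

! See which signatures are actually matching before tightening actions further
hostname(config)# show ip audit count interface outside
```

Start with alarm only on both policies and review the syslog output and signature counters before enabling drop or reset, since a false positive on an attack signature with reset configured tears down legitimate connections.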
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page 23-7
