Table of Contents
Advertisement
Import Signatures
Apply Changes button
Discard Changes button
Assign Actions
Import Signatures
Cisco Router and Security Device Manager Version 2.2 User's Guide
19-46
Click to deliver newly imported signatures, signature edits, and newly enabled or
disabled signatures to the router. When the changes are applied, the yellow Wait
icon is removed from the ! column.
Click to discard accumulated changes.
The window contains the actions that can be taken upon signature match.
Available actions depend on the signature, but the most common actions are listed
below:
alarm—Generate an alarm.
•
denyAttackerInline—creates an ACL that denies all traffic from the IP
•
address that is considered the source of the attack by the IOS IPS system.
•
denyFlowInline—creates an ACL that denies all traffic from the IP address
that is considered the source of the attack that belongs to the 5-tuple (src ip,
src port, dst ip, dst port and l4 protocol). denyFlowInline is more granular
than denyAttackerInline.
drop—Drop the packet.
•
reset—Reset the connection.
•
Use this window to import signatures from an SDF on your PC. The information
in this window tells you which signatures are available from the SDF, and which
of them are already deployed on your router.
Importing signatures is a two-step process. In Step 1, performed in the upper part
of the window, you choose the signatures that you want to import. In Step 2,
performed in the lower part of the window, you choose whether to merge these
signatures with the signatures that are already configured on the router, or to
replace the signatures on the router with the signatures that you are importing.
Chapter 19
Intrusion Prevention System
OL-4015-08
Advertisement
Table of Contents
Troubleshooting
