Setting The Block Time - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuring Blocking Properties

Setting the Block Time

Use the global-block-timeout command in the service event action rules submode to change the amount
of time an automatic block lasts. The default is 30 minutes.
Note If you change the default block time, you are changing a signature parameter, which affects all
signatures.
Note The time for manual blocks is set when you request the block.
To change the default block time, follow these steps:
Log in to the CLI using an account with administrator privileges.
Step 1
Enter event action rules submode:
Step 2
sensor# configure terminal
sensor(config)# service event-action-rules rules0
Step 3 Enter general submode:
sensor(config-rul)# general
Configure the block time:
Step 4
sensor(config-rul-gen)# global-block-timeout 60
The value is the time duration of the block event in minutes (0 to 10000000).
Verify the setting:
Step 5
sensor(config-rul-gen)# show settings
general
-----------------------------------------------
-----------------------------------------------
sensor(config-rul-gen)#
Exit event action rules submode:
Step 6
sensor(config-rul-gen)# exit
sensor(config-rul)# exit
Apply Changes:?[yes]:
Press Enter to apply the changes or type
Step 7
Note
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
10-10
global-overrides-status: Enabled <defaulted>
global-filters-status: Enabled <defaulted>
global-summarization-status: Enabled <defaulted>
global-metaevent-status: Enabled <defaulted>
global-deny-timeout: 3600 <defaulted>
global-block-timeout: 60 default: 30
max-denied-attackers: 10000 <defaulted>
There is a time delay while the signatures are updated.
to discard them.
no
Chapter 10 Configuring Blocking
78-16527-01