https://community.cisco.com/t5/network-security/ips/m-p/608767#M1034798 <P>Can you pls tell me some issues firewall cant solve that IPS/IDS can</P><P></P><P></P> Mon, 11 Mar 2019 09:09:39 GMT tamunoforiokuma1 2019-03-11T09:09:39Z https://community.cisco.com/t5/network-security/ips/m-p/608767#M1034798 <P>Can you pls tell me some issues firewall cant solve that IPS/IDS can</P><P></P><P></P> Mon, 11 Mar 2019 09:09:39 GMT https://community.cisco.com/t5/network-security/ips/m-p/608767#M1034798 tamunoforiokuma1 2019-03-11T09:09:39Z https://community.cisco.com/t5/network-security/ips/m-p/608768#M1034799 <HTML><HEAD></HEAD><BODY><P>Hello tamuno,</P><P></P><P>Firewalls can block unnecessary traffic, based on the Layer 4 parameters, TCP / UDP ports, IP address etc.. This device, I can say, blocks around 70 % of the unwanted traffic.. firewalls have basic IPS functionality on the software which is very limited on the total signatures (around 20)...</P><P></P><P>If you are talking about full-fledged security, firewalls cant really do it 9as told above)... simple example is, if there is a mail server, the firewall will permit port 25/110 into the inside network, just by seeing the layer 4 header... wht if the attacker does a port sweep, finds that the firewall has 25/110 open, and introduce vulnerabilities on these open ports?? your network is vulnerable to attacks !!!! IPS will be the DEVICE here, which can inspect packets on layer 7 (application layer) and see if the packets entering the network is allowed/denied.. combining firewall &amp; IPS, network administrators can get 95% of unwanted traffic blocked.. </P><P></P><P>Hope this helps.. all the best.. rate replies if found useful..</P><P></P><P>Raj</P></BODY></HTML> Mon, 18 Dec 2006 03:41:08 GMT https://community.cisco.com/t5/network-security/ips/m-p/608768#M1034799 sachinraja 2006-12-18T03:41:08Z