topic Re: updating IPS rules and applying them on fmc risks in Network Security https://community.cisco.com/t5/network-security/updating-ips-rules-and-applying-them-on-fmc-risks/m-p/4177964#M1075420 <P>I agree with Mohammed here.</P> <P>1. Disable inline drop</P> <P>2. Run the generate recommended rules</P> <P>3. Monitor for a few days to identify if there are any false positives</P> <P>4. Activate inline drop</P> <P>&nbsp;</P> <P>Once the rules are updated, I would suggest setting a scheduled task that updates the IPS rules on a regular basis.</P> Tue, 03 Nov 2020 12:24:36 GMT Marius Gunnerud 2020-11-03T12:24:36Z updating IPS rules and applying them on fmc risks https://community.cisco.com/t5/network-security/updating-ips-rules-and-applying-them-on-fmc-risks/m-p/4177839#M1075413 <P>i have a fmc with 2 years old ips rules , is there a risk if&nbsp; update the ips rules and applied them to a production environment?</P> Tue, 03 Nov 2020 09:48:17 GMT https://community.cisco.com/t5/network-security/updating-ips-rules-and-applying-them-on-fmc-risks/m-p/4177839#M1075413 baselzind 2020-11-03T09:48:17Z Re: updating IPS rules and applying them on fmc risks https://community.cisco.com/t5/network-security/updating-ips-rules-and-applying-them-on-fmc-risks/m-p/4177948#M1075417 Hi,<BR /><BR />Try to update IPS rules then run recommendation task. Once recommendation<BR />is completed, try to apply the IPS rules. This is safer approach.<BR /><BR />After couple of days of monitoring, you can tweak rules as needed.<BR /><BR />**** please remember to rate useful posts<BR /> Tue, 03 Nov 2020 12:11:13 GMT https://community.cisco.com/t5/network-security/updating-ips-rules-and-applying-them-on-fmc-risks/m-p/4177948#M1075417 Mohammed al Baqari 2020-11-03T12:11:13Z Re: updating IPS rules and applying them on fmc risks https://community.cisco.com/t5/network-security/updating-ips-rules-and-applying-them-on-fmc-risks/m-p/4177964#M1075420 <P>I agree with Mohammed here.</P> <P>1. Disable inline drop</P> <P>2. Run the generate recommended rules</P> <P>3. Monitor for a few days to identify if there are any false positives</P> <P>4. Activate inline drop</P> <P>&nbsp;</P> <P>Once the rules are updated, I would suggest setting a scheduled task that updates the IPS rules on a regular basis.</P> Tue, 03 Nov 2020 12:24:36 GMT https://community.cisco.com/t5/network-security/updating-ips-rules-and-applying-them-on-fmc-risks/m-p/4177964#M1075420 Marius Gunnerud 2020-11-03T12:24:36Z