https://community.cisco.com/t5/network-security/idsm-2-host-blocks/m-p/2160629#M54047 <P>Hey guys..... I'm having an issue and need some help....</P><P></P><P>My inline IDSM-2 is blocking internal hosts from accessing the internet. When I run a report to try and identify "why",&nbsp; they don't show up. Using IME, I can see they are in the "denied attackers" section.&nbsp; How can I find out what's causing it? </P><P></P><P>thanks...</P> Sun, 10 Mar 2019 12:54:21 GMT Garrison Botts 2019-03-10T12:54:21Z https://community.cisco.com/t5/network-security/idsm-2-host-blocks/m-p/2160629#M54047 <P>Hey guys..... I'm having an issue and need some help....</P><P></P><P>My inline IDSM-2 is blocking internal hosts from accessing the internet. When I run a report to try and identify "why",&nbsp; they don't show up. Using IME, I can see they are in the "denied attackers" section.&nbsp; How can I find out what's causing it? </P><P></P><P>thanks...</P> Sun, 10 Mar 2019 12:54:21 GMT https://community.cisco.com/t5/network-security/idsm-2-host-blocks/m-p/2160629#M54047 Garrison Botts 2019-03-10T12:54:21Z https://community.cisco.com/t5/network-security/idsm-2-host-blocks/m-p/2160630#M54048 <HTML><HEAD></HEAD><BODY><P> Remove only one of the denied hosts and monitor the logs that have its IP [ IME is great doing this ].</P><P></P><P>If you identify the host as a malicious unit, move it back to the list.</P><P></P><P>If you find out that the IPS is reacting to false positives, you can check the signatures that triggger and see how reliable they are.</P><P></P><P> A packet capture is also a great idea to see what is the unit is seeing and understanding why it is blocking it.</P><P></P><P>Finally, if you just don't want this host to be affected by the IPS rules, simply create an event action filter for it.</P></BODY></HTML> Wed, 27 Feb 2013 05:36:47 GMT https://community.cisco.com/t5/network-security/idsm-2-host-blocks/m-p/2160630#M54048 jocamare 2013-02-27T05:36:47Z