https://community.cisco.com/t5/network-security/ips-startup/m-p/1087182#M78190 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Could you share the sample configuaration ?</P></BODY></HTML> Tue, 30 Dec 2008 10:54:51 GMT CSCO10320953 2008-12-30T10:54:51Z https://community.cisco.com/t5/network-security/ips-startup/m-p/1087179#M78180 <P>Hi All,</P><P></P><P>We have recently purchased an AIP-SSM-10 module for our ASA5520. I have installed the module run through the initial configuration and updated the software / signatures to the latest version via the ASDM.</P><P></P><P>I am about to run through the following...Send Network Traffic from the ASA to the AIP SSM...</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml</A></P><P></P><P>but would like to know a little more about what will happen once traffic is redirected, my qusetions are as follows...</P><P></P><P>Does the IPS start blocking traffic by default? or does it just report?</P><P></P><P>Can we enbale the IPS so that its just reports on what action would have been taken?</P><P></P><P>Ideally we would like to run traffic through the IPS for a week or so without any blocking, so we can analyze it to reduce false positives.</P><P></P><P>Is there any documentation expalaining this?</P><P></P><P>Thanks for all you help</P><P></P><P>Steve</P> Sun, 10 Mar 2019 11:24:17 GMT https://community.cisco.com/t5/network-security/ips-startup/m-p/1087179#M78180 AxiomConsulting 2019-03-10T11:24:17Z https://community.cisco.com/t5/network-security/ips-startup/m-p/1087180#M78184 <HTML><HEAD></HEAD><BODY><P>The default actions of an in-line IPS is to drop the packets that match signatures set to drop. There are a few signatures that are not set to generate an alert when dropped. </P><P>I think you want to start with your sensor in promiscious mode, not in-line. Then you can watch what signatures fire that would be dropped in an in-line mode.</P><P> </P><P></P></BODY></HTML> Thu, 04 Dec 2008 22:16:44 GMT https://community.cisco.com/t5/network-security/ips-startup/m-p/1087180#M78184 rhermes 2008-12-04T22:16:44Z https://community.cisco.com/t5/network-security/ips-startup/m-p/1087181#M78189 <HTML><HEAD></HEAD><BODY><P>Thanks for that, I ended up throwing caution to the wind and processing all traffic (inline) all looks good so far.</P><P></P><P>I am using IPS Event Viewer for 'Real Time' analysis and reporting.</P><P></P><P>Does anyone have any other recommendations?</P><P></P></BODY></HTML> Tue, 09 Dec 2008 10:04:03 GMT https://community.cisco.com/t5/network-security/ips-startup/m-p/1087181#M78189 AxiomConsulting 2008-12-09T10:04:03Z https://community.cisco.com/t5/network-security/ips-startup/m-p/1087182#M78190 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Could you share the sample configuaration ?</P></BODY></HTML> Tue, 30 Dec 2008 10:54:51 GMT https://community.cisco.com/t5/network-security/ips-startup/m-p/1087182#M78190 CSCO10320953 2008-12-30T10:54:51Z