https://community.cisco.com/t5/network-security/ips-version-6-2-blocking-help/m-p/1119262#M78580 <HTML><HEAD></HEAD><BODY><P>Hello Mohammad</P><P></P><P>There are three type of blocks on the Cisco IPS, connection block enabled referred to the blocks that match no both source/dest etc. and not just the source. From the user guide:</P><P></P><P>"There are three types of blocks: </P><P></P><P>â&#128;¢Host block-Blocks all traffic from a given IP address. </P><P></P><P>â&#128;¢Connection block-Blocks traffic from a given source IP address to a given destination IP address and destination port. </P><P></P><P>Multiple connection blocks from the same source IP address to either a different destination IP address or destination port automatically switch the block from a connection block to a host block. </P><P></P><P></P><P></P><P>--------------------------------------------------------------------------------</P><P></P><P>Note Connection blocks are not supported on firewalls. Firewalls only support host blocks with additional connection information. </P><P></P><P></P><P>--------------------------------------------------------------------------------</P><P></P><P>â&#128;¢Network block-Blocks all traffic from a given network. </P><P></P><P>You can initiate host and connection blocks manually or automatically when a signature is triggered. You can only initiate network blocks manually. </P><P></P><P></P><P></P><P>--------------------------------------------------------------------------------</P><P></P><P>Caution Do not confuse blocking with the sensor's ability to drop packets. The sensor can drop packets when the following actions are configured for a sensor in inline mode: deny packet inline, deny connection inline, and deny attacker inline. "</P><P></P><P>Please rate if helpful.</P><P></P><P>Regards</P><P></P><P>Farrukh</P><P></P><P></P></BODY></HTML> Tue, 21 Oct 2008 12:39:50 GMT Farrukh Haroon 2008-10-21T12:39:50Z https://community.cisco.com/t5/network-security/ips-version-6-2-blocking-help/m-p/1119261#M78579 <P>Dear all</P><P></P><P>please find the attached file.</P><P>i have ips 4240 and it is working properly.</P><P>i tuned some signatures to block the connections for any pc that has abnormal traffic or try to use P2P application but i want to know something in the attached file , what is the difference between </P><P></P><P>connection block enabled ----&gt; true</P><P>connection block enabled ----&gt; false</P><P></P><P>In other words , what is the meaning of ture and false in the attached file???</P><P></P><P>waiting for your replies .</P><P>regards</P><P>Mohamed</P><P></P><P></P><P> </P><P></P> Sun, 10 Mar 2019 11:20:12 GMT https://community.cisco.com/t5/network-security/ips-version-6-2-blocking-help/m-p/1119261#M78579 mohamed_makled 2019-03-10T11:20:12Z https://community.cisco.com/t5/network-security/ips-version-6-2-blocking-help/m-p/1119262#M78580 <HTML><HEAD></HEAD><BODY><P>Hello Mohammad</P><P></P><P>There are three type of blocks on the Cisco IPS, connection block enabled referred to the blocks that match no both source/dest etc. and not just the source. From the user guide:</P><P></P><P>"There are three types of blocks: </P><P></P><P>â&#128;¢Host block-Blocks all traffic from a given IP address. </P><P></P><P>â&#128;¢Connection block-Blocks traffic from a given source IP address to a given destination IP address and destination port. </P><P></P><P>Multiple connection blocks from the same source IP address to either a different destination IP address or destination port automatically switch the block from a connection block to a host block. </P><P></P><P></P><P></P><P>--------------------------------------------------------------------------------</P><P></P><P>Note Connection blocks are not supported on firewalls. Firewalls only support host blocks with additional connection information. </P><P></P><P></P><P>--------------------------------------------------------------------------------</P><P></P><P>â&#128;¢Network block-Blocks all traffic from a given network. </P><P></P><P>You can initiate host and connection blocks manually or automatically when a signature is triggered. You can only initiate network blocks manually. </P><P></P><P></P><P></P><P>--------------------------------------------------------------------------------</P><P></P><P>Caution Do not confuse blocking with the sensor's ability to drop packets. The sensor can drop packets when the following actions are configured for a sensor in inline mode: deny packet inline, deny connection inline, and deny attacker inline. "</P><P></P><P>Please rate if helpful.</P><P></P><P>Regards</P><P></P><P>Farrukh</P><P></P><P></P></BODY></HTML> Tue, 21 Oct 2008 12:39:50 GMT https://community.cisco.com/t5/network-security/ips-version-6-2-blocking-help/m-p/1119262#M78580 Farrukh Haroon 2008-10-21T12:39:50Z https://community.cisco.com/t5/network-security/ips-version-6-2-blocking-help/m-p/1119263#M78582 <HTML><HEAD></HEAD><BODY><P>Dear Farrukh</P><P></P><P>Thanks for your reply and your support. What i need to know what is the meaning of True and False in the Connection Block Enabled column in the attached file????</P><P></P><P>regards</P><P>mohamed</P></BODY></HTML> Tue, 21 Oct 2008 16:31:47 GMT https://community.cisco.com/t5/network-security/ips-version-6-2-blocking-help/m-p/1119263#M78582 mohamed_makled 2008-10-21T16:31:47Z https://community.cisco.com/t5/network-security/ips-version-6-2-blocking-help/m-p/1119264#M78584 <HTML><HEAD></HEAD><BODY><P>Dear Mohammad</P><P></P><P>When that field is set to true, then it means a "Connection block" is being done instead of a "Host block" (based on source IP only). When it is false it implies a "Host Block".</P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Wed, 22 Oct 2008 06:34:30 GMT https://community.cisco.com/t5/network-security/ips-version-6-2-blocking-help/m-p/1119264#M78584 Farrukh Haroon 2008-10-22T06:34:30Z