https://community.cisco.com/t5/network-security/ips-4255-interface-pair/m-p/418747#M91395 <P>Hi,</P><P>I'm deploying IPS 4255 (5.0.4) at my customer site. I put the IPS between the internet router and firewall.</P><P>Gi0/2 connected to firewall and Gi0/3 connected to router. Is it correct setup?</P><P></P><P>We use default signature configuration.</P><P>After deployed the user can't browse the internet and we saw that there are some of the customer public IP listed in the Actived Host Block. Is it default behavior?</P><P></P><P>Thank you.</P><P>Janto</P> Sun, 10 Mar 2019 09:42:00 GMT jcin 2019-03-10T09:42:00Z https://community.cisco.com/t5/network-security/ips-4255-interface-pair/m-p/418747#M91395 <P>Hi,</P><P>I'm deploying IPS 4255 (5.0.4) at my customer site. I put the IPS between the internet router and firewall.</P><P>Gi0/2 connected to firewall and Gi0/3 connected to router. Is it correct setup?</P><P></P><P>We use default signature configuration.</P><P>After deployed the user can't browse the internet and we saw that there are some of the customer public IP listed in the Actived Host Block. Is it default behavior?</P><P></P><P>Thank you.</P><P>Janto</P> Sun, 10 Mar 2019 09:42:00 GMT https://community.cisco.com/t5/network-security/ips-4255-interface-pair/m-p/418747#M91395 jcin 2019-03-10T09:42:00Z https://community.cisco.com/t5/network-security/ips-4255-interface-pair/m-p/418748#M91396 <HTML><HEAD></HEAD><BODY><P>On appliances, the sensing interfaces are disabled by default. On modules, the sensing interfaces are always enabled and cannot be disabled. The sensing interface does not have an IP address assigned to it and is therefore invisible to attackers. This lets the sensor monitor the data stream without letting attackers know they are being watched. </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_configuration_guide_chapter09186a0080459225.html" target="_blank">http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_configuration_guide_chapter09186a0080459225.html</A></P></BODY></HTML> Fri, 21 Oct 2005 17:09:20 GMT https://community.cisco.com/t5/network-security/ips-4255-interface-pair/m-p/418748#M91396 bbaley 2005-10-21T17:09:20Z https://community.cisco.com/t5/network-security/ips-4255-interface-pair/m-p/418749#M91397 <HTML><HEAD></HEAD><BODY><P>Hi Janto,</P><P></P><P>One of the action you can take is to put the public IP used by your customer to go out to the Internet under excluded IP that IDS will never block.</P><P></P><P>Some signatures by default are set to perform blocking action when it sees 'attack'. This could be why the public IP was blocked as it matches criteria falls under those signatures, e.g spoofing.</P><P></P><P>Cheers!</P><P>AK</P></BODY></HTML> Tue, 25 Oct 2005 08:06:30 GMT https://community.cisco.com/t5/network-security/ips-4255-interface-pair/m-p/418749#M91397 a.kiprawih 2005-10-25T08:06:30Z https://community.cisco.com/t5/network-security/ips-4255-interface-pair/m-p/418750#M91398 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>How to exclude my public IP addresses?</P><P>Is it by configuring the event action rules?</P><P>Thank you.</P><P>Janto</P></BODY></HTML> Wed, 26 Oct 2005 00:34:14 GMT https://community.cisco.com/t5/network-security/ips-4255-interface-pair/m-p/418750#M91398 jcin 2005-10-26T00:34:14Z