topic Issue about Custom IPS Rules in Network Security

Issue about Custom IPS Rules

yangui319 — Fri, 21 Feb 2020 14:01:09 GMT

When i learning Firepower Intrusion Policy, i create a IPS Rule like the picture, i want to block traffic from test-pc to http server when the uri contain "configure" keyword, but it not work properly. i didn't see the intrusion events.

Add metadata with service

Claudiu Cismaru — Thu, 16 Feb 2017 19:50:49 GMT

Add metadata with service http. See whether it fires now.

When you test, add logging to the ACP rule and provide with the connection event screenshot (from the table view of events, multiple screenshots to cover all the fields) associated with the test you're performing.

I configure two intrusion

yangui319 — Fri, 17 Feb 2017 01:29:46 GMT

I configure two intrusion rule:intrusion rule "http certsrv" and intrusion rule "http configure". Like the picture, but when i test it, the "http certsrv" is work properly, but the "http configure" didn't. use windows server 2008 as web server for test about "http certsrv", use Cisco IOS as web server for test "http configure".

I couldn't reproduce your

Claudiu Cismaru — Fri, 17 Feb 2017 09:01:36 GMT

I couldn't reproduce your issue. For me it fires. Are you sure you deployed the ACP after making changes?

Can you provide the full connection event entry screenshot?