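The ASA5525X firewall is being used as an out-of-band IPS. Two switches each have a SPAN session that sends traffic to two interfaces on the 5525X. After configuring it, I logged in to the IPS and can see that the interfaces are receiving traffic, but the IPS does not show a single event. I don't know where the configuration is wrong. The relevant configuration is below: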
==============ASA===========
!
firewall transparent
!
interface GigabitEthernet0/0
 nameif inside_A
 security-level 100
!
interface GigabitEthernet0/1
 nameif inside_B
 security-level 100
!
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.10 255.255.255.0
!
access-list IPS extended permit ip any any
access-group IPS global
route management 0.0.0.0 0.0.0.0 192.168.1.254
!
class-map IPS_Class
 match access-list IPS
!
policy-map global_policy
 class IPS_Class
  ips promiscuous fail-open
!
service-policy global_policy global
==============IPS module===========
service analysis-engine
virtual-sensor vs0
physical-interface PortChannel0/0
exit
exit
The IPS feature is already enabled:
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 200 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 750 perpetual
Total VPN Peers : 750 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Enabled perpetual
Cluster : Disabled perpetual