7206 IP/FW/IDS - SMTP,FTP trafic does not flow

eugene2004 · ‎04-24-2005

I've got 7206 IP/FW/IDS 12.3(11)T3

The very strange problem:

1) half of SMTP trafic does not flow from Internet to my inside SMTP server (public address) Though I turned all signatures off except HTTP block

2) inside FTP clients can not get some files from some Internet FTP-servers Though I turned all signatures off except HTTP block

If I turn IPS off then no problems happen

Configuration:

ip ips po max-events 10000

ip ips signature 3103 0 disable

ip ips signature 3151 0 disable

ip ips signature 3100 0 disable

...

ip ips signature 4052 1 disable

ip ips signature 4052 2 disable

ip ips signature 4600 0 disable

ip ips name fromWAN

interface GigabitEthernet0/2

...

ip ips fromWAN in

...

I want to control IDS behaviour but can't

daftary · ‎04-27-2005

do you see any IPS signature alerts ?

You can configure and provision IOS IPS using SDM.

eugene2004 · ‎04-27-2005

>do you see any IPS signature alerts ?

As for syslog - NO

When I disable signaatures they stop to flow to my syslog

>You can configure and provision IOS IPS using SDM.

Well, what about CLI? Is it mandatory using SDM?

I don't have SDM now, of course it is possible download and install but if only there is no CLI-way.

daftary · ‎04-28-2005

IOS IPS allows loading new signatures dynamically. Depending on the platform, the number of signatures on the device might be as high as several hundred signatures. Managing them all at CLI could be a nightmare.

SDM would allow you to manage them more easily.

Having said that, IOS IPS does offer a limited CLI

that allows you disable, delete or attach an ACL to

a signature - currently. And further CLI enhancements

are being scoped.