ASA 5585 IPS SSP - Default Deny?

Adam Jarvela
Level 1

Can the IPS SSP default deny all outbound traffic? I have a client that would like to deny all outbound traffic and create a whitelist of allowed destinations. I realize this could be accomplished in the firewall policy; I am just curious if the IPS module is also capable.

1 Reply

Akshay Rastogi
Cisco Employee

Hi Adam,

On the IPS module it is not possible to deny all the outbound traffic, as it takes the traffic redirected by the ASA. However, on the ASA you could define an ACL in the incoming direction (let's say on the Inside interface) and allow your required traffic.

Also, you need to configure a policy on the ASA to redirect the traffic to the IPS. So in the class-map, configure the policy with a deny-all kind of statement and then add permit statements above it. This is more about what traffic you wish to be redirected by the ASA towards your IPS module for further checks.

On the IPS, however, you could use 'Event Action Filters', where you specify the Attacker or Victim IP together with the signature ID. With this you remove/negate the action applied by the signature which is being hit. Use the link below for more detail:

http://www.cisco.com/c/en/us/td/docs/security/ips/7-1/configuration/guide/cli/cliguide71/cli_event_action_rules.html#pgfId-1030749

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.
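The two ASA-side pieces the reply describes, written out as an added example (this is not configuration from the original post or from Cisco documentation): an inbound ACL on the inside interface that denies outbound traffic by default and allowlists a few destinations, followed by a class-map/policy-map that selects which of that traffic the ASA redirects to the IPS SSP. Interface names, the 10.1.1.0/24 inside network, the resolver and SaaS host addresses, and the ACL/class names are assumed placeholders.

```cisco
! Added example, not the poster's configuration. Names and addresses are assumed.

! --- 1. Default-deny outbound on the inside interface ---------------------
! An ACL applied "in" on the inside interface filters traffic leaving the
! inside hosts. Only allowlisted destinations pass; everything else hits the
! explicit deny, which is logged so the drops are visible in syslog for review.
access-list INSIDE_IN remark Allow DNS to the corporate resolver only
access-list INSIDE_IN extended permit udp 10.1.1.0 255.255.255.0 host 10.1.2.53 eq domain
access-list INSIDE_IN remark Allow HTTPS to one approved external host
access-list INSIDE_IN extended permit tcp 10.1.1.0 255.255.255.0 host 203.0.113.10 eq https
access-list INSIDE_IN remark Explicit default deny, logged
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside

! --- 2. Select what the ASA hands to the IPS SSP --------------------------
! In an ACL referenced by a class-map, "permit" means "redirect this flow to
! the IPS" and "deny" means "do not redirect". Permit entries sit above the
! closing deny, as the reply describes. Only traffic already allowed by
! INSIDE_IN ever reaches this step.
access-list IPS_MATCH extended permit tcp 10.1.1.0 255.255.255.0 host 203.0.113.10 eq https
access-list IPS_MATCH extended permit udp 10.1.1.0 255.255.255.0 host 10.1.2.53 eq domain
access-list IPS_MATCH extended deny ip any any

class-map IPS_CLASS
 match access-list IPS_MATCH

! inline: the IPS sits in the data path and can drop.
! fail-close: if the IPS SSP is down, matched traffic is dropped rather than
! forwarded uninspected (fail-open would forward it).
policy-map global_policy
 class IPS_CLASS
  ips inline fail-close

service-policy global_policy global
```

`global_policy` and its `service-policy ... global` line already exist on a default ASA configuration, so adding the `IPS_CLASS` class to it is enough; re-entering the `service-policy` line is harmless. Keep the allowlist ACL (`INSIDE_IN`) and the redirect ACL (`IPS_MATCH`) separate: the first decides what may leave at all, the second only decides what the IPS inspects, which is the distinction the reply draws.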
