Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
641
Views
0
Helpful
2
Replies

Changing IPS from promiscous mode to Inline mode

smetieh001
Beginner
Beginner

‎09-26-2013 07:04 AM - edited ‎03-10-2019 06:03 AM

Hi Experts,

We are changing our IPS (aip-ssm10) mode of operation from promiscous to Inline mode. Is there any caveats or anything i need to take into consideration before doing the switch? Is there a possibility to roll back incase something doesn't go the way we planned?

I look forward to your responses.

Labels:
0 Helpful
2 Replies 2

Karsten Iwen
VIP
VIP

‎09-27-2013 01:37 AM

changing from promiscous to inline and back is done with the ips-command in the ASA MPF-config. So if you run into problems you can easily switch back.

What you should do before changing to inline:
- check your alerts for false positives and eliminate them first.
- if you can't eliminate all, make sure that the risk-rating doesn't exeed the threshold for the automatic deny-action if configured.
- and of course keep monitoring your events after the switch to inline.


Sent from Cisco Technical Support iPad App

0 Helpful

smetieh001
Beginner
Beginner
In response to Karsten Iwen

‎09-30-2013 07:18 AM

Thanks Karsten.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents