Cisco Firepower 6.4 - How can I test Intrusion Policy?

Hi friends,

I have two FTDs in Failover with a virtual FMC in version 6.4. I configured an Intrusion Policy, Balanced Security and Connectivity, and I applied the Intrusion feature in some of my access control policy rules.

What do you recommend to prove that the IPS is working correctly? I need to see the intrusion event logs.

Regards,

JG

Accepted Solutions
Cisco Employee

To check if the intrusion policy is working as expected, enable the ICMP signature (PROTOCOL-ICMP Echo Reply - SID 408) and test by sending ICMP pings through the Firepower.

By default, the ICMP Echo Reply signature is disabled. Change the rule state to 'Generate Events'.

Note: Make sure to 'Commit Changes' under Intrusion Policy > Policy Information.

Thanks manabans.
