Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6482
Views
5
Helpful
2
Replies

Cisco Firepower 6.4 - How can I test Intrusion Policy?

Go to solution
julioegb
Level 1
Level 1

‎09-23-2020 10:03 AM

Hi friends,

 

I have two FTD's in Failover with virtual FMC in version 6.4. I configured an Intrusion Policy, Balanced Security and Connectivity, and I applied the Intrusion feature in some of my access control policy rules.

 

What do you recommend me to prove that the IPS is working correctly? I need to see the intrusion events logs.

 

Regards,

JG

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
manabans
Cisco Employee
Cisco Employee

‎09-26-2020 10:04 PM - edited ‎09-26-2020 10:04 PM

To check if the intrusion policy is working as expected, enable ICMP signature (PROTOCOL-ICMP Echo Reply - SID 408) and test by sending ICMP pings through the firepower.

By default ICMP Echo Reply signature is Disabled. Change the rule state to 'Generate Events'.

Note: Make sure to 'Commit Changes' under Intrusion Policy > Policy Information.

View solution in original post

2 Replies 2

Go to solution
manabans
Cisco Employee
Cisco Employee

‎09-26-2020 10:04 PM - edited ‎09-26-2020 10:04 PM

To check if the intrusion policy is working as expected, enable ICMP signature (PROTOCOL-ICMP Echo Reply - SID 408) and test by sending ICMP pings through the firepower.

By default ICMP Echo Reply signature is Disabled. Change the rule state to 'Generate Events'.

Note: Make sure to 'Commit Changes' under Intrusion Policy > Policy Information.

Go to solution
julioegb
Level 1
Level 1
In response to manabans

‎10-13-2020 03:09 PM

Thanks manabans.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card