Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
305
Views
0
Helpful
1
Replies

IDS on PIX: Attack vs Info signatures.

Randall White
Level 3
Level 3

‎12-01-2003 09:39 PM - edited ‎02-20-2020 11:07 PM

What's the difference between Attack and Info policies with the PIX IDS feature? It looks like the same global signatures are used for each one, so why have two policies if they both do the same thing?

It would be nice to enable or disable different signatures based on the interface or what action you want to take; ie: Alarm for some signatures, drop + alarm for others.

Thanks, Randy

0 Helpful
1 Reply 1

scoclayton
Level 7
Level 7

‎12-02-2003 07:05 PM

Randy,

Each of the IDS sigs on the PIX are categorized as either attack sigs (more severe) or informational sigs (less severe). Take a look at the following link for a chart that differentiates these:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemsgs.htm#1138590

So, each policy you configure effects the various sigs under the category where they are defined.

And, I don't think there is anything preventing you from creating multiple policies on your PIX and then applying each of them to a seperate interface. I do think that disabling sigs is going to apply globally though so I see part of your point.

Hope this helps.

Scott

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card