
IPS blocking most web sites

andrewjballard
Level 1

Hello,

I have installed an SSM module in a 5510 firewall, and am running IPS in promiscuous mode. Using the default configuration I can see lots of packets being denied, and when I tested it in inline mode almost all the websites I tried to connect to didn't work, including Cisco.com.

google.com, and gmail both worked, Cisco.com only loaded half a page, microsoft.com, bbc.co.uk, telegraaf.nl, and sportinglife failed to load. 

My first question is: did I do something wrong?

Why is it so restrictive? This doesn't meet the balance between security and productivity.

Is there a suggested configuration that I can download, or do I need to go through each alert and assess the security risk?

Any advice would be appreciated.

Thanks

Andrew

The device is running 7.0(5a)E4S589.0 signature 589.0


rhermes
Level 7

Andrew -

If your AIP-SSM module is really in promiscuous mode, it shouldn't be blocking ANY traffic. Did you enable shunning on the sensor? (That would pop a blocking ACL in the ASA for 30 min or so per event.)

Where are you seeing the packets denied?

If you remove the IDS configuration from your ASA does your web blocking problem stop?

- Bob
