05-26-2011 09:43 PM - edited 03-10-2019 05:21 AM
Hi,
Can we configure IPS in such a way that it can bypass traffic (a few subnets) and inspect all other traffic in inline mode?
Aman
05-27-2011 08:50 AM
If the traffic is passing through your sensor it will get inspected.
You can create Event Action Filters or Event Action Overrides to change the sensor default behavior (sending events and potentially blocking traffic).
http://www.cisco.com/en/US/docs/security/ips/7.1/configuration/guide/idm/idm_event_action_rules.html
- Bob
06-01-2011 10:58 AM
Hello Aman,
What model sensor(s) do you have? This is achievable by using the Modular Policy Framework (MPF) on the ASA to forward traffic down to the IPS modules.
Thank you,
Blayne Dreier
Cisco TAC Escalation Team
**Please check out our Podcasts**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
TAC IPS Media Series: https://supportforums.cisco.com/docs/DOC-12758
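The MPF approach mentioned in the reply above could look like the following on an ASA with an IPS module. This is an added example, not configuration posted by anyone in the thread; the ACL and class-map names and the two exempted subnets are constructed placeholders.

```cisco
! Added example. ACL/class-map names and subnets are constructed placeholders.
! Deny entries keep matching traffic out of the class, so the ASA never
! redirects it to the IPS module (both directions are listed).
access-list IPS-INSPECT extended deny ip 192.0.2.0 255.255.255.0 any
access-list IPS-INSPECT extended deny ip any 192.0.2.0 255.255.255.0
access-list IPS-INSPECT extended deny ip 198.51.100.0 255.255.255.0 any
access-list IPS-INSPECT extended deny ip any 198.51.100.0 255.255.255.0
! All remaining IP traffic matches the class and is sent to the module.
access-list IPS-INSPECT extended permit ip any any
!
class-map IPS-CLASS
 match access-list IPS-INSPECT
!
policy-map global_policy
 class IPS-CLASS
  ! inline: the module sits in the forwarding path and can drop packets.
  ! fail-open: traffic keeps flowing uninspected if the module is down.
  ips inline fail-open
!
service-policy global_policy global
```

Traffic for the exempted subnets receives no IPS inspection at all, so keep that list as narrow as possible. Use `ips inline fail-close` instead if uninspected traffic must not pass when the module is unavailable.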