
IPS Enabling - Balance Security and Connectivity

Fantas
Level 1

Hi,

 

I am enabling an IPS policy with "Balance Security and Connectivity" in our production environment.

 

This IPS enabling is not going to break anything in the production environment, right, and will only generate intrusion events?

 

Even if it sees malicious traffic, it still will not block/drop it and will only generate an intrusion event in the logs.

 

We are running FTS2100.


If you want to create the intrusion policy in passive mode, which will alert you but will not drop the traffic, in that case create a policy, uncheck "Drop when Inline", and apply it to your FTD. By doing so it will only generate and log the event, but it will not drop the packet. It's kind of a passive mode: it sees it but can't drop it.

 


Please do not forget to rate.

Hi,

 

I am not creating any IPS policy and am using the default one, "Balance Security and Connectivity".

 

So I want to make sure this will not break anything in production if I enable it with the ACP.

If you do only as you say - use the built-in Balanced Security and Connectivity policy where no IPS policy is currently in use - you may start blocking some malicious traffic. That policy is set to drop certain events deemed as intrusions. It should not drop any legitimate traffic, but note that some organizations choose to allow traffic that even a moderately conservative default policy may block.

There are several ways to avoid this, the most common of which was already suggested by @Sheraz.Salim 
