Hi, I just got my ASA 5520 firewall (with the ASA SSM-20 module), and would be grateful if anyone could inform me about these questions concerning IPS features.
1. In the signature configuration of the AIP-SSM, most signatures are set with the action produce alert, even virus. Why? I suppose that I have to go through all signatures and set the action to, for example, deny packet inline for virus.
2. With an update of the signatures, will the changes be lost or unchanged?
3. Will the configuration example below include all the signature features and at the same time protect against VPN traffic (outside->inside)?
access-list IPS permit ip any any
access-group IPS in interface inside
access-group IPS in interface outside
class-map my-ips-class
 match access-list IPS
policy-map my-ids-policy
 class my-ips-class
  ips promiscuous fail-close
service-policy my-ids-policy global
/Regards