Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
340
Views
0
Helpful
2
Replies

IPS on IOS

NAVIN PARWAL
Level 2
Level 2

‎08-29-2005 01:54 AM - edited ‎03-10-2019 01:36 AM

Folks,

Please correct me if i am wrong. If i configure IPS on my 7200 series router (Internet router),using CLI into copy the drop.sdf file with the built in signatures and then applying the IPS inbound to the DS-3 interface, I will not drop packets even if the signatures are matched by default, unless i go to SDM and configure to do so???

I just do not want any unexpected interruption on my internet router when i configure the IPS feature on my internet router.

Thanks,

Labels:
0 Helpful
2 Replies 2

pradeepde
Level 5
Level 5

‎09-02-2005 05:48 AM

The default behavior for engine failure allows for packets to be passed unscanned. To prevent traffic from being passed unscanned, issue the "ip ips fail closed" command, which forces the router to drop all packets if an SME build fails.

0 Helpful

NAVIN PARWAL
Level 2
Level 2
In response to pradeepde

‎09-02-2005 11:20 AM

thanks for the reponse.

My question was that can i apply IPS statement in multiple Vlans at the same time in a sup 720 Running in hyrid mode??

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card