Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
671
Views
0
Helpful
1
Replies

Migrating to IPS mode

Henk Fictorie - Ulrich
Level 1
Level 1

‎05-16-2017 06:22 AM - edited ‎03-10-2019 06:50 AM

Hi,

We are currently running our 8250's in an IDS mode and we are changing to an IPS mode. 

We have lots of rules which are now resulting in a "would be block", that is going to change to a Block result. To ease the migration I'm looking for ways of slowly moving to Block results.

I'm thinking of dividing the 'would be block' rules into groups and changing the the result of those groups initial to monitor and group after group changing the results back to block.

Is this a sane idea and if so what is a decent way of dividing the rules into groups?

Henk Fictorie

Labels:
0 Helpful
1 Reply 1

Dennis Perto
Level 5
Level 5

‎05-24-2017 01:15 AM

When you say that the rule is making the result "would have been dropped" is that an access control rule, or the actual IDS/IPS policy making that verdict?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card