cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
533
Views
0
Helpful
4
Replies

Security Intelligence Does not block sometimes

Wee2o
Level 1
Level 1

I have created security intelligence block list but sometimes it allows the connections like the one highlighted and it is identified as attackers. 

Is that because the intrusion policy is set to detection not prevention?  

Wee2o_0-1663130076292.png

 

1 Accepted Solution

Accepted Solutions

Are you talking about the "Drop when inline" setting?

What is the mode of the device and type of interfaces?

This is the setting I mentioned:

FredrikW73_0-1663228548481.png

 

View solution in original post

4 Replies 4

FredrikW73
Level 1
Level 1

The Reason column seems to indicate that you have set the action to "Monitor-only" and not "Block" for that Security Intelligence category. If so, my understanding is that the result is that no requests are blocked, not even the lower four in your screenshot.

The Monitor-Only on the intrusion policy not the security intelligence. will that affect it?

 

Are you talking about the "Drop when inline" setting?

What is the mode of the device and type of interfaces?

This is the setting I mentioned:

FredrikW73_0-1663228548481.png

 

Wee2o
Level 1
Level 1

you are correct, I missed this settings. thank you!

Review Cisco Networking for a $25 gift card