This document shows issue of "Events not getting generated" faced by a user.
Pls see below policy config of ASA.
ASA-01# sh run policy-map!policy-map global_policyclass inspection_default inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect ip-options inspect skinny inspect icmpclass class-default flow-export event-type all destination 10.xx.xx.xx!ASA-01# sh run class-map!class-map inspection_defaultmatch default-inspection-traffic
User trying to determine is it possible to create custom IPS signatures on the ASA-CX module? Not the ASA + Legacy IPS combo, but the ASA + ASA-CX (Application Detection, Web Filtering, IPS) combo. He couldn't find anything in the docs that said this was possible.
To the best of my knowledge, expired license does not stop the IPS from producing event actions.
On IDM or IME, go to Monitor -> Events click the "warning", "error", "fatal" and the "show status events" if not already checked. set "show pat even to at least 1hr. and click "view" at the bottom, You should see some events how ever these may not be created by any signature.
Click "configuration" ->Interfaces -> summary and see if any interface is assigned to a VS. If "none", then there lies the issue.
To fix this, goto
Configuration->IPS Policy, select the VS and click edit.
If the interface is not selected, click the check box to select the interface and click apply.
From above mentioned configuration there is no configuration on ASA that passes traffic to the IPS for inspection in your show run class-map and show run policy-map out put.
In global config mode type the following command below:
Access-list IPS_acl extended permit ip any anyclass-map IPS_classmatch access-list IPS_aclpolicy-map IPS_policyclass IPS_classips promiscuous fail-openservice-policy IPS_policy global
Not with the current release. Currently, Cisco ASA Next-Generation Firewall Services include a robust set of more than 1200 applications and 150000 micro-applications. The ability for administrators to create their own application signatures is a feature that will be included in a future release. No, those capabilities are not available with the NGFW IPS. Cisco currently recommends that the classic IPS (ASA module of stand-alone appliance) for customers requiring that capability. Expect this all to change significantly over the coming year though as more of the SourceFire technology is integrated into the ASA product line.
Hello, I have a couple of firewalls on FMC 1000, and two internet routers in front of the firewalls.I have enabled anyconnect VPN and a nat was added to use anyconnect and RA VPN.then i have configured PBR to use one internet link for some vlans and ...
Hi we implemented ISE 2.4 along with proxy server. we've noticed that if a new user is trying to logon to windows he got an error message "there are currently no logon servers available to service the logon request". the cached user can log...
Hi All, Please find attached diagram where on my ASA SSL VPN is configured to access my internal network behind my another vendor firewall i.e FORTIGATE. But Now my Company wants that users from outside connect to SSL Vpn using an ASA and after ...
Hi I would like to generate a report to view top users by URL category, how can I generate such report in FMC?When I click any URL Category in Dashboard it open it in Connection Events, not an overview report like Context Explorer. Thanks