Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
I'm seeing lots of SMB Authorization Failure events being reported to MARS from IPS signature 5606/0. I strongly suspect that these events are false but I don't know a lot about SMB. The Event Type Details in MARS states "This signature detects when ...
This may be more of a sales issue but I need an answer. We were looking at the ASA 5520 with a CSC-SSM module. We have over 5000 users and wanted to license the Anti-X services accordingly. However, we were told that the 5520 has a maximum license li...
I have seen various references in this forum and in Cisco documentation to upgrading the MARS signatures using the Admin>System Maintenance>Upgrade path. I am currently running release 4.1.4 and was wondering if there are signature upgrade packages a...
You ask, "Where are you seeing this is an "enterprise" device?"I'm seeing it in a Cisco article titled "Cisco ASA 5500 Series Anti-X Edition for the Enterprise Solution Overview". Which does contain the word "Enterprise" unless I'm seeing things! The...
This is a great idea. A couple of us tried to get Cisco to start a forum like this after attending a MARS class last year but it did not happen. I'm in and I can get others involved as well.
Charlie,I have 2 4255s installed at 2 sites inline with pix firewalls (between the inside interface and the switch). I want to block all P2P file sharing but my question is about Bittorrent connections. I configured signatures 11020, 11030, and 1103...
I'm new to creating rules. Can you give me the steps needed to create this rule using the IDM Gui interface to a 4255 running 5.0? Things like what engine to use and where to put the Regex string.
