I missed seeing the "ask the expert session" in time to ask these questions, Garry. Can anyone help me answer these questions? 1) Could MARS suggest an IPS device as a mitigation device? Is there a way to edit a signature without cross launching CS...
Hello, We are planning to use VLAN pair mode using EtherChannel trunks (Inline-on-a-stick) mainly to overcome the lack of 10 GigE interfaces which would prevent us from adopting traditional in-line architecture for firewalls with 10 GigE interfaces...
Yes, you can do this using event action rules/filters. Create a filter, which would exclude "deny" or "block" action from the VA scanner IP to any IP (or a subnet), which is applicable for signatures 900-65355 (default). It is pretty easy ...
There could be some normalizer engine events which can drop/modify traffic without firing an alert. Some of them seem to be on by default. Could you try enabling "produce alerts" on the normalizer signatures with deny or modify actions? Another way wo...
Yes, the CSM 3.2.2 supports IPS 6.1 and up. There is an issue in supporting 6.2 sensors for which there is a patch available from the TAC. I heard there might be a service pack soon, which will have this fix included. I am using CSM 3.2.2 with IPS 6.1 ...
Did you check in the IDM if the signature 2004 is firing? If it is firing, make sure the "Deny packet" option is set correctly. Trust your virtual sensor vs0 config is completed and the interface Gig0/1 is added to the vs0. You could also use the "pa...