Hello, I'm working on a IPS design in a fully redundant DC that is almost impossible to force symmetrical flows.  My question is when using assymetric mode for TCP reassembly - what exactly is lost?  Below is the list I've come up with so far: 1.  TCP Normalization.  (No big deal in my case because the ASA provides alot of this same functionality) 2.  Anomaly Detection.  With assymetric mode this should be set to Inactive. I'm also including a diagram that depicts my situation. ... View more

Hi, I'm currently working on Tuning a pair of IPS modules in ASA's. We are currently in Promiscous and tuning/filtering to ensure we don't block any valid traffic when making the switch to inline. We are using the new 7.0.1 code and getting the global correlation / reputation data - works great & rocks. When viewing the events - there is a paramater - "Global Correlation Risk Delta" -- Could someone explain to me what that is? I understand how it adjusts the RR based on reputation & have the chart (including it for those who do not have it - got it from a networkers prezo). However I am having a hard time figuring out what Global Correlation Risk Delta is/means/does...anyone know? Thanks, Brad ... View more

Hello, I'm working on an ASA that is at 8.0(4)32 and ASDM 6.1(5)57. Below are the logging statements I have in the config: logging enable logging timestamp logging standby logging buffer-size 32000 logging buffered informational logging trap debugging logging asdm debugging When I am troubleshooting I will see messages using the command "show log" that I will not ever see in the ASDM when using the Real Time Log Viewer. Is there something I'm missing in the config? ... View more

Does IPS Manager Express build it's reports from the data on the Sensor's you are managing -- or the data it has downloaded from the sensors over a period of time? I'm trying to figure out if IPS Manager Express keeps data on the box or always just grabs it from the Sensors & doesn't actually store it. Thanks, Brad ... View more

Hi, I'm just curious what happens to traffic when you have an IPS module in an ASA and it reaches the maximum throughput? Does it allow the traffic & only inspects what it can handle? Or does it "fail" and then either allows all the traffic or block based on "fail-open" or "fail-close" configuration? Thanks, Brad ... View more