In IPS V5 Inline Mode, should the second interface (where a packet comes out) of a paired interface be configured as a span port or a regular port? Where can I find more info about this? Thanks.
I used the idsDbCompact utility to compact the SecMon database which took a few hours. After the compaction, I cannot find in the database any alerts generated by the sensors during the compaction period. Is there a way to recover/retrieve those al...
We noticed that some of the events triggered by signature 4003 (Nmap UDP Port Sweep) look like responses from external DNS servers. The signature description also mentioned this scenario. We wish to understand why the signature cannot track c...
Does this procedure support the V5.03 version as well? We are trying out the product and need to do some diagnostics. Don't seem to get the prompt to select the image for single user login. Hope you can help. Thanks.
Please advise how to create a signature (service.http engine?) that would trigger if it finds regex pattern A in an HTTP request which does not contain the pattern B? Thanks.
I am also interested in understanding the high availability options. I found the following in the IPS V5 datasheet: Auto and manual sensor bypass configuration-High availability can be achieved through numerous mechanisms for Cisco IPS sensors. Resil...
Thanks Faris. I performed the DB compact as described in the doc. The SecMon is functioning properly after the compact. I understand that the SecMon cannot poll alerts from the sensors during the compaction. I had expected it to resume alerts subs...
We are using IDS-42xx sensors. We have referenced the NSDB, and have followed some of the recommendations for benign triggers. The case we raised is responses from external DNS servers. We know that PIX logs outgoing DNS requests in translation tables...