Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi,We are having a Cisco IPS 4240 in our network since IPS v5.0. Subsequently, we had upgraded to v6.0 and now to v7.0. However, with v7.0 there are a host of new features, which require baselining and tuning. Currently, the sensor is monitoring and ...
We have a Juniper Firewall with the following:Eth0/1 Trust (LAN) - 192.168.1.0/24Eth1/0 DMZ - 172.20.0.0/28Eth1/1 DMZ2 - 172.30.0.0/27There is a Cisco Router on 192.168.1.200We are seeing lot of IP Spoofing Traffic on the Juniper Firewall. On Investi...
Hi,I am facing this scenario.Mail Server on LAN (behind ASA5510) is Pri.IP.Add.1 with SMTP on port 25.This is to be NATed to Pub.IP.Add.1 from ISP 1 on port 25.Also to be NATed to Pub.IP.Add.2 from ISP 2 on port 26 (with port forwarding).Can anybody ...
Hi,I have a customer who has an Internet Domain (say 'mydomain.com'), and another internal domain (say 'mylocaldomain.com'). A single mail server downloads the mails from mydomain.com, working through the ASA5510. mydomain.com is being used to exchan...
Hi,One of our customer has 3 different ISPs and he's using the Public IPs provided by these different ISPs for his Public facing servers. Obviously, each ISP is providing the IP addresses from entirely different address space. Can the same setup be u...
ALso, are there any tools (preferably open source) which can help simulate the traffic and help in tuning the box and also stress test the device simulating the current traffic on our network, if possible.
HI,@PK - Thanks for the response. We had implemented the IPS first when v5.0 was current. Since then there have been 2 version upgrades and a lot of new features like Anomaly protection, Global correlation etc which have been introduced. Also, as men...
Thanks Scott. That the Cisco Router is not the originator of the spoofing traffic, is understood. However, I would like to peek into the traffic on the router, to trace the track of the traffic. What is unusual is that the source IP 172.30.x.x should...
Thanks Laurent. I have disabled IP Directed Broadcast on the Router Interface facing the Firewall. Still I see the broadcast traffic on the firewall. The idea to look at the traffic inside the router was to confirm that the origin of the traffic was ...
Hi,I am looking at a similar situation. Would it be possible to include some test configs, so that the whole issue can be clearly understood? ALternatively, if you can point to a URL which explains this in further detail, it would be greatly apprecia...
