Using blocking on our IPS Sensor
I currently have a Cisco IPS 4240 employed inline in my Customers Network. It is inside of the border Router, and in front of the Outside Firewall which protects the DMZ.
the IPS is already configured to block certain types of packets inline. I was reading about blocking and the ability of the IPS Sensor to not only manage other devices (both our border router which is a 3825 and our ASA which is a 5520) are capable of being managed for blocking purposes).
Can someone give me a practical example of why I might want to configure either the border router or the ASA to block for the Sensor?
Thanks
That's a good answer. My customer does not have any devices between the border router and the IPS, so perhaps we do not need to use any blocking... what about blocking things coming from inside networks? We have a DMZ that is separated by ASA's on both sides, and both of these are inside of the IPS unit?
Similar Messages
-
Is it possible to automatically trigger a camera when someone arrive in the background hahaha.. Just a wild thoughts you know, like when someone suddenly pop up, the camera will automatically fire. I'm planning to use it in our Horror tunnel this october.
You could try to use a motion sensor - in a do-it-yourself store you can buy motion sensors that turn on the lights when a burglar approaches the property. Connect this sensor to the remote control of your camera instead of to a light.
Probably you can buy ready-made motion sensitive remote controls, the photographers here will know. You would need this kind of remote control for wildlife photography. -
We have a internal node in the environment and our IPS is catching in the event logs stating it is sending traffic to victim ip 0.0.0.0. I am assuming that 0.0.0.0 means a broadcast, is this correct?
No, 0.0.0.0 is used as a summary address. If the signature was a port scan for example, the victim IP addresses may be too numerous to list, so Cisco uses the 0.0.0.0 address to indicate that is has summarized multiple addresses into that field.
- Bob -
How to monitor IPS sensor heath by emails?
Hi All,
Is there any way to configure e-mail notifications about IPS sensor health monitoring results?
I have tried to install IPS supported MIBs to my SNMP management station (actually, it is HP SIM). Cisco supported MIBs have not been installed successfully to HP SIM yet.
Also, I have been searching such a monitoring tool over cisco.com web site. And tools like LAN Monitoring Solution (or Device Fault Manager) requires licensing, so in my case it is not suitable.
Does somebody know SNMP management station (monitoring) tool which could monitor the sensor health without additional MIB installation?
There is one more practical question: Is there any way to send a test trap from IPS sensor to SNMP management station?
Thanks in advance,
MaksimHello Maksim,
This functionality is not yet available, but will be included in IPS 7.1. This enhancement is being tracked via CSCsu08529.
Thank you,
Blayne Dreier
Cisco TAC IDS Team
**Please check out our Podcast**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast -
Azure Reserved IPs - any way to allocate a block of contiguous IPs?
I've set-up a subscription and had the quota of reserved IPs increased to 100. I'd like to reserve a block of contiguous IPs, but haven't found any documentation to do this from Microsoft.
The second-best option would be to have IPs at least within a closer range, i.e. 140.40* or 140.45*
Right now, the IPs I am getting are all over the place:
104.40.83.192
23.100.37.214
23.100.35.130
104.45.210.85
So, is there any way to allocate a block of contiguous IPs, or to at a minimum get a set of like IPs?
Powershell code I am using to reserve the IP/Set to a VM:
New-AzureReservedIP –ReservedIPName $ReservedIPName –Label “ReservedLabel” –Location $location
Get-AzureReservedIP
New-AzureVMConfig -Name $vmName -InstanceSize $instanceSize -ImageName (Get-AzureVMImage -ImageName $imageName).ImageName| Add-AzureProvisioningConfig -Windows -AdminUsername $adminLogin -Password $adminPasswd| New-AzureVM -ServiceName $vmName –ReservedIPName $ReservedIPName -Location $locationGreetings, Jason!
The above observation is a behavior by design and we as of present, don't have an option to allocate a small / big block of contiguous IP addresses.
However, would request you to raise a
Technical Support Ticket for us to consider your requirement internally.
Thank you,
Arvind -
Is it possible to setup an IPS sensor's IDM console or CLI to check ACS for user authentication rather than use local accounts on the sensor? Or is this something only the cisco works software can do?
thank you,
BillNow Possible with IPS Version 7.0(4)E4 but only Radius Authentication.
Thanks. -
I share a macbook with my other half and we both use it for our iphones. When syncing using the new software I now have all of her and my contacts on my phone. I don't want her contacts! How do I get rid?
Hi,
You have 2 solutions:
1 - You can use 2 differents icloud account
2 - You use the same account but you don't sync yours contacts.
You configure that in Settings > icloud
You activate or desactivate what you want.
Have a nice day. -
We have a large family, 5 kids and two adults all with iPads, iPhones, Mac Books, Servers.... How can we combine our purchases to use on all our devices. We have two Apple ID's and sometimes buy multiple copies because of how we are limited...
Hello Halfback71,
Thanks for using Apple Support Communities.
For more information on this, take a look at:
Frequently asked questions about Apple ID
http://support.apple.com/kb/ht5622
I have multiple Apple IDs. Is there a way for me to merge them into a single Apple ID?
Apple IDs cannot be merged. You should use your preferred Apple ID from now on, but you can still access your purchased items such as music, movies, or software using your other Apple IDs.
If you are wondering how using multiple Apple IDs relate to iCloud, see Apple IDs and iCloud.
Best of luck,
Mario -
I have just started to use Muse for our design agency and learning how to build ourselves a new site, I have managed to create a basic lightbox which contains sliding images, what I need to do now is have a pop up window which goes into detail about the projects, what I would like is a piece of text or icon that when you roll over it and then click a separate window pops up with additional information in, once finished reading the info you can then click to close the box, any advice on how to do this?
The best way to do what you're asking is with the Composition widget. Start with the Tooltip preset, which, by default shows the info on rollover. You can change the option to show on click, which is what you're after. You can also add the close button or have the info disappear on rollout.
David -
My wife and I have separate have separate user accounts on our IMac. We have separate Apple IDs for iTunes. How can we use iCloud on our separate iPhones without sharing contacts, calendars, etc.
If have separate iCloud accounts and want to keep your all your iCloud data separate, you can create separate user accounts for each of you, then sign into your individual iCloud account within your user account.
If you want to just add both iCloud calendars on your Mac, you can sign into one iCloud account in System Preferences>iCloud, then add the second account in System Preferences>Internet Accounts>iCloud and only check Calendars with this second account. -
My company have purchased one I Creative cloud for one years (It's the first time for us) Of course we have pay this product with a price of company but there are new clients adobe. But now, always my company want to buy also anthers n°3 Photoshop application from use always in our office below our account already created. Can we have a privilege cost forecast for company or we need to buy this product as if it is the first time and pay the maximum price for one years?
ThanksCloud License allows 2 activations http://www.adobe.com/legal/licenses-terms.html
-Install on a 2nd computer http://forums.adobe.com/thread/1452292?tstart=0
-Windows or Mac does not matter... 2 on the same operating system, or 1 on each
-Both subscriptions MAY be in use at the same time https://forums.adobe.com/thread/1683787 -
Issue in File to RFC to File Scenario with BPM using Block Step
Hi Everybody,
I am doing File to RFC to File Scenario for multiple records using BPM using Block Step. The File Message is getting posted and after that, the message is getting stuck up in the qRFC Monitor (Inbound Queue).
After seeing the message in Inbound Queue, I am trying to execute and release the message. But when i execute the LUW, it says " Function module doesnt exist or EXCEPTION raised" in Inbound queue.
Could somebody suggest me the outcome of this? What does this mean and how to
release the stuck up message in Queue.
Thanks and Regards,
N.Jayanth KumarHi Rajesh,
After going through the blog, i saw the trace messages. It says
" The exception occurred (program: CL_SWF_XI_INBOUND=============CP, include CL_SWF_XI_INBOUND=============CM00F, line: 19)"
Regards,
N.Jayanth Kumar -
[svn:bz-trunk] 15126: Removed NonHttpFlexSession that is not used anywhere in our code.
Revision: 15126
Revision: 15126
Author: [email protected]
Date: 2010-03-30 01:48:55 -0700 (Tue, 30 Mar 2010)
Log Message:
Removed NonHttpFlexSession that is not used anywhere in our code. According to check-in notes, this class was introduced during LCDS and BlazeDS split and it was supposed to be extended by RTMP and RTMPT FlexSessions and will serve as a bridge between the community and enterprise servers, but this doesn't seem to be the case, so getting rid of it to avoid confusion.
Removed Paths:
blazeds/trunk/modules/core/src/flex/messaging/NonHttpFlexSession.javaVery strange, something else running that may be holding onto the UFL in memory?
I know it's extreme but what happens if you re-boot and use the new UFL? Just to verify it's unloaded.
What happens if you create a new report?
Try this[ sample UFL|https://bosap-support.wdf.sap.corp/sap(bD1lbiZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F64653D3030312669765F7361706E6F7465735F6E756D6265723D3030303135323530313426] also.
Thanks
Don -
Hi,
I work at a college that is delivering courses online at a
distance. Currently, we are using a Windows Media Streaming server
as our main platform for video. We definitely want to be able to
stream, as our students are from all over the world and have many
different connection speeds - from t3 all the way down to dial up.
With Windows Media Streaming, we can configure the video at
multiple bit rates, within a single file, to address these various
speeds. The file is delivered at a speed appropriate to each user's
connection. We can also choose to force authentication for any
given fie, while still having most of our video clips available to
anyone.
We are currently evaluating our setup and looking into
various options. A lot has been said about Flash. I would love to
hear pros and cons for using flash as our primary platform. I have
heard that one advantage to Flash is that there is a way of setting
up your files, so that no player is needed. I would also like to
know if that is true. I sense that it is not - I had removed flash
from my computer, and could not play anything with a swf extension.
As I would suspect, my computer had no idea what it was without the
flash player installed.
I have also heard that the concept of streaming is inherent
within the Flash technology - that Flash files will automatically
stream in a similar manner to our current setup, where the speed
and flow of the delivery is dependent on the user's connection. Can
anyone comment on that?
Additonally, we would need a separate server, as we do not
want anything conflicting on the server where we house our Course
Management System. Is there anything to be aware of with this type
of setup?
Some of the video files that we use would need to be limited
to a certain audience - (due to copyright and contractual issues).
Is there a way for Flash to handle such issues? With Windows Media
STreaming server, we can opt to have any file require a username
and password. this requires manual addition of these credentials to
the server though, and is not a very efficient approach.
Please feel free to add any additional comments that you
think might be helpful. Thanks for any information you can give me.
Kathleen Barringer
Excelsior CollegeWelcome to the Apple community.
You can download apps from iTunes on a computer and sync them to the mobile device. -
CSM IPS Manager doesn't display IPS sensors.
I am doing inital configuration of the CSM v3.0 The IPS sensor 4250xl that I have added to CSM doesn't show up in the IPS Manager. Moreover, the Devices->Sensor window doesn't appear to be displayed correctly - there is a browser icon indicating missing content.
Any ideas what may be the issue. Thanks.You might be running into a bug here. The bug-Id is:CSCsa83631
Maybe you are looking for
-
Application:openTempFile: not working as expected.
Maybe I understand wrongly but I read in the documentation about how a Cocoa app (not document based) opens files form another application (Finder or another one in my case), that it searches for the following methods in the application delegate and
-
What happens to the users when ISE is reloaded?
Hello, We have a need to reload ISE and I am wondering what the end user experience would be. Will they be booted from the network or will the reload be transparent to them? Version: 1.2.0.899 Patch Information: 1,2 Please let me know if there is mo
-
Invisible character as a separator
I have a description column (VARCHAR2 type) in a table. I need to add a separator (at a pre-determined position which is based on some logic) within the description to identify it in 2 portions. The description with the separator needs to be persiste
-
Laptop has been restarting on its own . Pls provide a solution
-
How to load time dimension informatica...
Hi, im new to datawarehouse... Can anybody tell me,how to load time dimension informatica... Thanks and Regards, jagadish.