Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 44 Configuring IOS IPS Routers
Overview of Cisco IOS IPS Configuration
Configuring General Settings for Cisco IOS IPS
Use the General Settings page to specify the global settings used for Cisco IOS IPS properties defined
for a particular router. The default settings are appropriate for most situations; however, you must specify
an IPS configuration file location. If storing the configuration file on the router, you must first create the
directory as described in Initial Preparation of a Cisco IOS IPS Router, page 44-5.
Navigation Path
- (Device view) Select IPS > General Settings from the Policy selector.
- (Policy view) Select IPS (Router) > General Settings, then select an existing policy or create a new one.
Related Topics
- Overview of Cisco IOS IPS Configuration, page 44-3
- Understanding Cisco IOS IPS, page 44-1
Field Reference
Table 44-1 General Settings Page
Element / Description

Block Traffic when IPS engine is unavailable
    Whether to block all inspected traffic if the IPS engine is not available, for example, when the signature engine is being built or if it fails to build.

    If you select this option, any traffic specified for inspection is dropped if IPS cannot process it (also known as fail-closed mode). Otherwise, traffic is allowed to pass in accordance with the other rules in place on the router (the default).

Apply Deny Action On
    Where to apply ACL entries to drop traffic for Deny Attacker Inline or Deny Flow Inline events. Select one of the following values:
    - Ingress Interface (the default)—Enforce the deny action on the interface attached to the network from which the traffic originated.
    - IPS enabled interfaces—Enforce the deny action on the interface on which the triggered IPS rule is applied.
      Enabling this option causes IOS IPS to apply the ACLs directly to the IPS interfaces, and not to the interfaces that originally received the attack traffic. If the router is not performing load balancing, do not enable this setting. If the router is performing load balancing, we recommend that you enable this setting.

SDEE Properties

Maximum Subscriptions
    The maximum number of concurrent SDEE subscriptions allowed, in the range of 1-3. An SDEE subscription is a live feed of SDEE events. The default is 1.

Maximum Alerts
    The maximum number of SDEE alerts that you want the router to store, in the range of 10-2000. Storing more alerts uses more router memory. The default is 200.
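
The following added example (not part of the Cisco guide) audits a candidate router configuration against the defaults and ranges in Table 44-1. The IOS command strings it matches do not appear on this page; they are assumed here to be the CLI equivalents of the table's fields, and the sample configuration is constructed.

```python
import re

# Constructed candidate configuration (not from a real device). The command
# strings are assumed CLI equivalents of the Table 44-1 fields.
SAMPLE_CONFIG = """\
ip ips config location flash:ips
ip ips fail closed
ip ips deny-action ips-interface
ip sdee subscriptions 2
ip sdee alerts 5000
"""

# Defaults and ranges as stated in Table 44-1.
DEFAULTS = {"fail_closed": False, "deny_action_on": "ingress-interface",
            "sdee_subscriptions": 1, "sdee_alerts": 200, "config_location": None}
RANGES = {"sdee_subscriptions": (1, 3), "sdee_alerts": (10, 2000)}


def effective_settings(config_text):
    """Return the General Settings a config implies, starting from the defaults."""
    s = dict(DEFAULTS)
    for line in (l.strip() for l in config_text.splitlines()):
        if line == "ip ips fail closed":
            s["fail_closed"] = True
        elif line == "ip ips deny-action ips-interface":
            s["deny_action_on"] = "ips-interface"
        elif m := re.fullmatch(r"ip ips config location (\S+).*", line):
            s["config_location"] = m.group(1)
        elif m := re.fullmatch(r"ip sdee (subscriptions|alerts) (\d+)", line):
            s["sdee_" + m.group(1)] = int(m.group(2))
    return s


def audit(settings):
    """List findings: missing required location, out-of-range values, fail-open."""
    findings = []
    if not settings["config_location"]:
        findings.append("no IPS configuration file location specified (required)")
    for key, (lo, hi) in RANGES.items():
        if not lo <= settings[key] <= hi:
            findings.append(f"{key}={settings[key]} outside {lo}-{hi}")
    if not settings["fail_closed"]:
        findings.append("fail-open: inspected traffic passes while the IPS engine is unavailable")
    return findings


if __name__ == "__main__":
    current = effective_settings(SAMPLE_CONFIG)
    print(current)
    for finding in audit(current):
        print("FINDING:", finding)
```

The fail-open finding is informational: the guide treats fail-open as the default, so whether to change it depends on whether dropping inspected traffic during an engine rebuild is acceptable on that router.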