Intrusion Prevention System
Configuring the Protocol Inspection Settings
Cisco SA500 Series Security Appliances Administration Guide 133
5
Configuring the Protocol Inspection Settings
You can configure the Protocol Inspection settings to detect suspicious behavior
and attacks on various types of protocols.
STEP 1 Click IPS> IPS Protocol Inspection.
STEP 2 Choose the inspection settings for each category or for each signature within each
category.
• To select an inspection setting for an IPS category, click an option in the
category heading row.
• To expand the signatures under a category, click the + button next to the
category heading. To hide the signatures, click the - button.
• To select an inspection setting for an individual signature, click an option in
the entry row for that signature.
Options:
• Disabled: Choose this option to disable inspection checking for this
protocol.
• Detect Only: Choose this option to check for attacks on this protocol and to
log a message upon detection.This option is mostly used for
troubleshooting purposes.
• Detect and Prevent: Choose this option to check for and prevent attacks on
this protocol. Upon detection, a message is logged and a preventative
action is taken.
For IPS messages to be logged, you must configure IPS as the facility. For
more information, see Logs Facility and Severity, page 189
STEP 3 Click Apply to save your settings.
To Next Page
Loading...
Need help?
General
