Intrusion Prevention System
Configuring Peer-to-Peer Blocking and Instant Messaging
Cisco SA500 Series Security Appliances Administration Guide 134
You can configure the security appliance to block Peer-to-Peer (P2P) and Instant
Message (IM) traffic. From the IM and P2P Blocking page, you can specify which
types of P2P and IM applications (such as Gnutella, BitTorrent, AOL, or Yahoo)
are blocked.
STEP 1 Click IPS > IM and P2P Blocking.
STEP 2 Choose the inspection settings for each category or for each signature within each
category.
• To select an inspection setting for an IPS category, click an option in the
category heading row.
• To expand the signatures under a category, click the + button next to the
category heading. To hide the signatures, click the - button.
• To select an inspection setting for an individual signature, click an option in
the entry row for that signature.
Options:
• Disabled: Choose this option to disable checking for this service.
• Detect Only: Choose this option to check for attacks on this service and to
log a message upon detection. This option is mostly used for
troubleshooting purposes.
• Detect and Prevent: Choose this option to check for and prevent attacks
for this service. Upon detection, a message is logged and a preventative
action is taken.
For IPS messages to be logged, you must configure IPS as the facility. For
more information, see Logs Facility and Severity, page 189.
STEP 3 Click Apply to save your settings.