[c-nsp] IPS 4240

Ibrahim Alsharif ib_cims at yahoo.com
Thu Apr 24 11:45:09 EDT 2008 

Thank you Mike Cuz this is the first time I'm reading about this feature therefore I'll do this procedure

but I have another inquiry I did configure the Sensor in inline mode with two Virtual Sensors each two interfaces belong to Virtual Sensor
& I put the First Virtual Sensor (VS1) as External between Internet router & firewall & the Second Virtual Sensor (VS2) as Internal between
the firewall & Core switch.
I configure all the enabled signatures to produce alert & log pair only as an event action even in this configuration the sensor denies the HTTP traffic
that comes from outside to my webservers.

so please help me if you could


thanks alot dear

Ibrahim Alsharif

----- Original Message ----
From: Mike Louis <MLouis at nwnit.com>
To: Ibrahim Alsharif <ib_cims at yahoo.com>; "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
Sent: Tuesday, April 22, 2008 4:02:07 PM
Subject: RE: [c-nsp] IPS 4240

Did you setup a port mirror on the switch the IPS was connected to to mirror traffic to the device?

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ibrahim Alsharif
Sent: Tuesday, April 22, 2008 4:47 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] IPS 4240

hello Guys,

I have 2 IPS to install in a network those 2 IPS i should install them in promiscuous mode for testing then change their work to inline mode

according to inline mode i tried it in a lab environment and it did work fine, but in promiscuous mode i couldn't get any events on the sensor
with the knowledge that the sensor interface that is connected to the network is in sensing mode & it's promiscuous,

so please advice what to do & where should I put the IPS in my topology.

thanks,


      ____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Note: This message and any attachments is intended solely for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, legally privileged, confidential, and/or exempt from disclosure.  If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited.  If you have received this communication in error, please notify the original sender immediately by telephone or return email and destroy or delete this message along with any attachments immediately.


      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

More information about the cisco-nsp mailing list