Cisco ESW-540-48 Administration Guide - Page 132

Intrusion Prevention System Configuring the IPS Policy 5 - Click Reset to revert to the previous settings. • Manual Signature Updates: To manually update the latest signature file, click the Cisco.com link to obtain the file and download it to your computer. Browse to the location of the signature file on the local PC and then click Upload. Configuring the IPS Policy You can configure the IPS Policy settings to protect the network against threats such as Denial-of-Service attacks, malware, and backdoor exploits. STEP 1 Click IPS > IPS Policy, or from the Getting Started (Advanced) page, under Intrusion Prevention System, click Configure and Enable IPS Policies. STEP 2 Choose the policy for each category or for each signature within each category. • To select a policy for an IPS category, click an option in the category heading row. • To expand the signatures under a category, click the + button next to the category heading. To hide the signatures, click the - button. • To select a policy for an individual signature, click an option in the entry row for that signature. Options: • Disabled: Choose this option to disable checking for this category. • Detect Only: Choose this option to check for attacks on this category and to log a message upon detection.This option is mostly used for troubleshooting purposes. • Detect and Prevent: Choose this option to check for and prevent attacks on this category. Upon detection, a message is logged and a preventative action is taken. For IPS messages to be logged, you must configure IPS as the facility. For more information, see Logs Facility and Severity, page 189. STEP 3 Click Apply to save your settings. Cisco SA500 Series Security Appliances Administration Guide 132