Cisco IPS-4255-K9 Installation Guide - Page 322
Blocking Not Occurring for a Signature, produce-alert
Page 322 highlights
Troubleshooting the Appliance
Chapter A Troubleshooting

Step 3  Enable SSH:

    sensor(config)# ssh host blocking_device_ip_address

Step 4  Type yes when prompted to accept the device.

Blocking Not Occurring for a Signature

If blocking is not occurring for a specific signature, check that the event action is set to block the host.

To make sure blocking is occurring for a specific signature, follow these steps:

Step 1  Log in to the CLI.

Step 2  Enter signature definition submode.

    sensor# configure terminal
    sensor(config)# service signature-definition sig0
    sensor(config-sig)#

Step 3  Make sure the event action is set to block the host.

Note  If you want to receive alerts, you must always add produce-alert any time you configure the event actions.

    sensor(config-sig)# signatures 1300 0
    sensor(config-sig-sig)# engine normalizer
    sensor(config-sig-sig-nor)# event-action produce-alert|request-block-host
    sensor(config-sig-sig-nor)# show settings
    normalizer
    event-action: produce-alert|request-block-host default: produce-alert|deny-connection-inline
    edit-default-sigs-only
    default-signatures-only
    specify-service-ports
    no
    specify-tcp-max-mss
    no
    specify-tcp-min-mss
    no
    --MORE--

Step 4  Exit signature definition submode.

    sensor(config-sig-sig-nor)# exit

A-44  Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0  OL-18504-01
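
The check in Step 3 can be run over a saved CLI session to audit several signatures at once. The following is an added example, not part of the Cisco guide: the capture text, signature 9999 and the function names are constructed for illustration, and only the two actions named on this page are checked.

```python
import re

# Constructed session capture: signature 1300/0 as configured in the steps
# above, plus a made-up signature 9999/0 that was left without either action.
CAPTURE = """\
sensor(config-sig)# signatures 1300 0
sensor(config-sig-sig)# engine normalizer
sensor(config-sig-sig-nor)# event-action produce-alert|request-block-host
sensor(config-sig-sig-nor)# show settings
normalizer
event-action: produce-alert|request-block-host default: produce-alert|deny-connection-inline
sensor(config-sig)# signatures 9999 0
sensor(config-sig-sig)# show settings
event-action: deny-connection-inline default: produce-alert|deny-connection-inline
"""

SIG_RE = re.compile(r"#\s*signatures\s+(\d+)\s+(\d+)\s*$")
# 'event-action: <current> default: <default>' as printed by show settings;
# the echoed command starts with the prompt and has no colon, so it is skipped.
ACTION_RE = re.compile(
    r"^\s*event-action:[ \t]*(.*?)[ \t]*(?:default:[ \t]*(\S*))?[ \t]*$")

def split_actions(field):
    """Turn 'a|b|c' into a set, tolerating an empty field."""
    return {a for a in (field or "").split("|") if a}

def audit_capture(text):
    """Map 'sigid/subid' to the problems found in its event-action line."""
    report, sig = {}, None
    for line in text.splitlines():
        m = SIG_RE.search(line)
        if m:
            sig = f"{m.group(1)}/{m.group(2)}"
            continue
        m = ACTION_RE.match(line)
        if m is None or sig is None:
            continue
        active = split_actions(m.group(1))  # current setting, not the default
        problems = []
        if "request-block-host" not in active:
            problems.append("request-block-host not set: host will not be blocked")
        if "produce-alert" not in active:
            problems.append("produce-alert not set: no alert will be produced")
        report[sig] = problems
    return report

if __name__ == "__main__":
    for sig, problems in audit_capture(CAPTURE).items():
        print(sig, "OK" if not problems else "; ".join(problems))
```

Only the current value is evaluated; the text after default: is the shipped setting and does not indicate what the sensor will do.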