Cisco SA520-K9 Administration Guide - Page 133
Configuring the Protocol Inspection Settings, Intrusion Prevention System, Logs Facility and Severity
UPC - 882658266744
View all Cisco SA520-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 133 highlights
Intrusion Prevention System Configuring the Protocol Inspection Settings 5 Configuring the Protocol Inspection Settings You can configure the Protocol Inspection settings to detect suspicious behavior and attacks on various types of protocols. STEP 1 Click IPS> IPS Protocol Inspection. STEP 2 Choose the inspection settings for each category or for each signature within each category. • To select an inspection setting for an IPS category, click an option in the category heading row. • To expand the signatures under a category, click the + button next to the category heading. To hide the signatures, click the - button. • To select an inspection setting for an individual signature, click an option in the entry row for that signature. Options: • Disabled: Choose this option to disable inspection checking for this protocol. • Detect Only: Choose this option to check for attacks on this protocol and to log a message upon detection.This option is mostly used for troubleshooting purposes. • Detect and Prevent: Choose this option to check for and prevent attacks on this protocol. Upon detection, a message is logged and a preventative action is taken. For IPS messages to be logged, you must configure IPS as the facility. For more information, see Logs Facility and Severity, page 189 STEP 3 Click Apply to save your settings. Cisco SA500 Series Security Appliances Administration Guide 133