Cisco Cisco ASA 5585-X with No Payload Encryption 설치 가이드
14
Step 5
Click the Intrusion Prevention tab.
Step 6
Check the Enable IPS for this traffic flow check box.
Step 7
In the Mode area, click Inline Mode or Promiscuous Mode. Inline mode places the IPS module
directly in the traffic flow. No traffic that you identified for IPS inspection can continue
through the ASA without first passing through, and being inspected by, the IPS module.
Promiscuous mode sends a duplicate stream of traffic to the IPS module. This mode is less
secure, but has little impact on traffic throughput.
directly in the traffic flow. No traffic that you identified for IPS inspection can continue
through the ASA without first passing through, and being inspected by, the IPS module.
Promiscuous mode sends a duplicate stream of traffic to the IPS module. This mode is less
secure, but has little impact on traffic throughput.
Step 8
In the If IPS Card Fails area, click Permit traffic or Close traffic. The Close traffic option sets
the ASA to block all traffic if the IPS module is unavailable. The Permit traffic option sets the
ASA to allow all traffic through, uninspected, if the IPS module is unavailable. For
information about the IPS Sensor Selection area, see the ASDM online help.
the ASA to block all traffic if the IPS module is unavailable. The Permit traffic option sets the
ASA to allow all traffic through, uninspected, if the IPS module is unavailable. For
information about the IPS Sensor Selection area, see the ASDM online help.
Step 9
Click OK and then Apply.
Step 10
Repeat this procedure to configure additional traffic flows as desired.