[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 364
  • Last Modified:

Cisco ASA 5510 content filter

Can anyone tell how to disable it from a command prompt? it is the built in trendmicro flavor..............
1 Solution
There's not necessarily a cut and dry command to get the job done. These are usually configured in the ASA's service policies at the very end of the configuration. Most times it is configured under the global service policy.

Taken from:

"The following example diverts all IP traffic to the AIP SSM in promiscuous mode, and blocks all IP traffic should the AIP SSM card fail for any reason:
hostname(config)# access-list IPS permit ip any any
hostname(config)# class-map my-ips-class
hostname(config-cmap)# match access-list IPS
hostname(config-cmap)# policy-map my-ips-policy
hostname(config-pmap)# class my-ips-class
hostname(config-pmap-c)# ips promiscuous fail-close
hostname(config-pmap-c)# service-policy my-ips-policy global

The above shows the class-maps that will be nested in the service policy. Essentially you need to find how the IPS commands are tied in to your service policy(ies) and remove them, or you can create a new service policy without any of the IPS commands and then set that as the global policy.
jmenzeAuthor Commented:
Thank you.

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now