Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 586
  • Last Modified:

ASA IPS software module

Hi

Can I use the software ASA IPS module to detect and report on "outgoing" traffic from inside network

I require detail on ports being used - the traffic flows - virus's etc, unusual traffic - Im only interested in Intrusion detection (IDS) at this stage - reporting on traffic going "out" only

thanks
0
philb19
Asked:
philb19
1 Solution
 
philb19Author Commented:
its the software module on asa 5515
0
 
btanExec ConsultantCommented:
egress (or outbound) will be inspected as well - you can check out this flowchart
http://ccie-or-null.net/2011/11/15/packet-flow-through-a-cisco-asa/
...the following order:
    ACL’s will be checked first.
    NAT rules will checked second.
    Inspect policies will applied next.
    Then after all that the packet enters IPS-AIM Module for inspection, after that it leaves through the egress interface.
More details in the inline (more secure) and Promiscuous (less secure) mode
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/ips.html#wp1050744
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now