Chapter 27 Cisco IOS IPS
Edit IPS
27-12
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
On—VFR is enabled.
Off—VFR is disabled.
Cisco IOS IPS cannot identify the contents of IP fragments, nor can it gather port
information from the fragment in order to match it with a signature. Therefore,
fragments can pass through the network without being examined or without
dynamic access control list (ACL) creation.
VFR enables the Cisco IOS Firewall to create the appropriate dynamic ACLs,
thereby protecting the network from various fragmentation attacks.
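The limitation described above, shown as an added Python example that is not part of the Cisco guide and does not reproduce Cisco's VFR implementation: only the offset-0 fragment carries the TCP/UDP ports, so per-fragment inspection has nothing to match on in the remaining fragments until the datagram is reassembled. The packets, addresses and function names are constructed for illustration.

```python
import struct
from collections import defaultdict

def ipv4(ident, offset_bytes, more, payload, proto=6,
         src=b"\xc0\x00\x02\x0a", dst=b"\xc6\x33\x64\x14"):
    """Build a constructed IPv4 packet (checksum left at 0; unused here)."""
    flags_off = (0x2000 if more else 0) | (offset_bytes // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, proto, 0, src, dst) + payload

def parse(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    total, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    return {"key": (pkt[12:16], pkt[16:20], ident, pkt[9]),
            "more": bool(flags_off & 0x2000),        # MF flag
            "offset": (flags_off & 0x1FFF) * 8,      # offset in bytes
            "data": pkt[ihl:total]}

def ports(frag):
    """Per-fragment view: ports exist only in the offset-0 fragment."""
    if frag["offset"] != 0 or len(frag["data"]) < 4:
        return None
    return struct.unpack("!HH", frag["data"][:4])

def virtual_reassemble(packets):
    """Return {key: payload} for datagrams whose fragments are all present."""
    groups, done = defaultdict(list), {}
    for f in map(parse, packets):
        groups[f["key"]].append(f)
    for key, frags in groups.items():
        frags.sort(key=lambda f: f["offset"])
        buf, complete = b"", False
        for f in frags:
            if f["offset"] != len(buf):   # gap or overlap: do not trust it
                break
            buf += f["data"]
            complete = not f["more"]
        else:
            if complete:
                done[key] = buf
    return done

# Constructed sample: one 40-byte TCP segment (ports 40000 -> 80) in 3 fragments.
SEGMENT = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, 0x5002, 1024, 0, 0) + b"A" * 20
FRAGS = [ipv4(7, 0, True, SEGMENT[:16]), ipv4(7, 16, True, SEGMENT[16:32]),
         ipv4(7, 32, False, SEGMENT[32:])]

if __name__ == "__main__":
    print([ports(parse(p)) for p in FRAGS], len(virtual_reassemble(FRAGS)))
```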
Description
A description of the connection, if added.
IPS Filter Details
If no filter is applied to traffic, this area contains no entries. If a filter is applied,
the name or number of the ACL is shown in parentheses.
Inbound and Outbound Filter Buttons
Click to view the entries of the filter applied to inbound or outbound traffic.
Field Descriptions
Action—Whether the traffic is permitted or denied.
Source—Network or host address, or any host or network.
Destination—Network or host address, or any host or network.
Service—Type of service filtered: IP, TCP, UDP, IGMP, or ICMP.
Log—Whether or not denied traffic is logged.
Attributes—Options configured using the CLI.
Description—Any description provided.
Permit source traffic.
Deny source traffic.