44-9
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 44 Configuring IOS IPS Routers
Overview of Cisco IOS IPS Configuration
(Device view) Select IPS > Interface Rules from the Policy selector.
(Policy view) Select IPS (Router) > Interface Rules from the Policy selector. Select an existing
policy or create a new one.
The policy shows any existing interface rules, including the rule name, the name of the ACL that defines
which traffic is inspected (if any), and the interface and traffic direction that is inspected. If no ACL is
specified, all traffic on the interface in the specified direction is inspected.
Although the rules are numbered, the sequence of rules has no effect on IPS processing.
Step 2 Select Enable IPS to enable the deployment of IOS IPS configuration to the device.
If Enable IPS is unchecked, IPS rules are removed from all the router interfaces, which disables IPS.
Also, no signature or event action policy will be deployed.
Step 3 Configure the interface rules. The rules identify the interfaces, and traffic direction on the interface, that
will be inspected by IPS. The rules can optionally include an ACL to identify a subset of traffic for
inspection.
To add a rule, click the Add Row (+) button and fill in the Add IPS Rule dialog box. For detailed
information, see IPS Rule Dialog Box, page 44-9.
To edit a rule, select it and click the Edit Row (pencil) button.
To delete a rule, select it and click the Delete Row (trash can) button.
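The following sketch is an added example, not part of the Cisco guide or of Security Manager. It reviews a proposed set of interface rules before deployment using the behavior described here: a rule without an ACL inspects all traffic in its direction, rule order does not matter, clearing Enable IPS deploys nothing, and rule names are compared without regard to case. The record fields, the "in"/"out" direction values, and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample policy; field names and values are assumptions,
# not an export format of Cisco Security Manager.
SAMPLE_RULES = [
    {"name": "MYRULE", "acl": None,
     "interface": "GigabitEthernet0/0", "direction": "in"},
    {"name": "MyRule", "acl": "ips-web",
     "interface": "GigabitEthernet0/1", "direction": "in"},
    {"name": "dmz-out", "acl": "ips-dmz",
     "interface": "GigabitEthernet0/2", "direction": "out"},
]


def review_policy(rules, enable_ips=True):
    """Return (coverage, findings) for a proposed Interface Rules policy."""
    if not enable_ips:
        # Enable IPS unchecked: rules come off every interface.
        return [], ["Enable IPS unchecked: no rule deployed, IPS disabled"]

    findings = []
    # Rule names are not case sensitive, so group them by folded name.
    spellings = defaultdict(list)
    for rule in rules:
        spellings[rule["name"].casefold()].append(rule["name"])
    for names in spellings.values():
        if len(names) > 1:
            findings.append("rule names collide: " + ", ".join(sorted(names)))

    coverage = []
    for rule in rules:
        # No ACL means all traffic in that direction is inspected.
        scope = "all traffic" if rule["acl"] is None else "ACL " + rule["acl"]
        coverage.append((rule["interface"], rule["direction"], scope))
        if rule["acl"] is None:
            findings.append("%s: no ACL, all %s traffic on %s is inspected"
                            % (rule["name"], rule["direction"], rule["interface"]))

    # Rule sequence has no effect on IPS processing, so sort the result
    # to make it independent of the order in which rules were entered.
    return sorted(coverage), sorted(findings)


if __name__ == "__main__":
    coverage, findings = review_policy(SAMPLE_RULES)
    for interface, direction, scope in coverage:
        print(interface, direction, scope)
    for finding in findings:
        print("FINDING:", finding)
```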
IPS Rule Dialog Box
Use the Add or Edit IPS Rule dialog box to identify the traffic flows to be inspected using the active
signature policy.
Navigation Path
From the Interface Rules policy, click the Add Row button to add a new rule, or select a rule and click
the Edit Row button. For information on opening the Interface Rules policy, see Configuring IOS IPS
Interface Rules, page 44-8.
Field Reference
Table 44-2 Add or Edit IPS Rule Dialog Box
Element Description
Rule Name The unique name for this IPS rule.
IPS rule names are not case sensitive. You cannot use a rule name that
differs from a previously defined name only in case. For example,
MYRULE and MyRule are the same.