59-23
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter59 Configuring Router Interfaces
IPS Module Interface Settings Page
Caution Cisco IOS IPS and the Cisco IPS module cannot be used together. Cisco IOS IPS must be disabled when
the IPS module is installed.
Navigation Path
(Device view) Select Interfaces > Settings > IPS Module from the Policy selector.
(Policy view) Select Router Interfaces > Settings > IPS Module from the Policy Type selector.
Create a new policy or select an existing policy from the Shared Policy selector.
Related Topics
IPS Module Interface Settings on Cisco IOS Routers, page 59-22
Table Columns and Column Heading Features, page1-46
Filtering Tables, page1-45
Field Reference
IPS Monitoring Information Dialog Box
Use the IPS Monitoring Information dialog box to add or edit the properties of interfaces to be monitored
by the IPS module.
Table59-7 IPS Module Interface Settings Page
Element Description
Interface Name The name of the IPS module interface. Enter the name or click Select
to select the interface or interface role. If the object that you want is not
listed, click the Create button to create it.
Fail Over Mode How the module should handle traffic inspection during a module
failure, either to fail open (passing all traffic without inspection) or fail
closed (dropping all traffic). The default is fail open.
IPS Module Service Module
Monitoring Settings table
The list of interfaces on the router that the IPS module should monitor.
The table shows the name of the interface or interface role, whether
monitoring is inline or promiscuous, and whether an ACL is used to
filter traffic for inspection on the interface. Inline mode puts the IPS
module directly into the traffic flow, allowing it to stop attacks by
dropping malicious traffic before it reaches the intended target. In
promiscuous mode, packets do not flow through the sensor; the sensor
analyzes a copy of the monitored traffic rather than the actual
forwarded packet. If the ACL is matched, the matched traffic is not
inspected.
To add an interface to the table, click the Add button and fill in the
IPS Monitoring Information Dialog Box, page 59-23.
To edit the settings for an interface, select it and click the Edit
button.
To delete an interface, select it and click the Delete button.