Recently had an issue with the NGIPS module and my engineers were unable to find how to modify and finetune the IPS module as when you create the Object you seem to get basic settings like the below:

 

ASA CX PRSM –> Configurations –> Policies/Settings –> Intrusion Prevention:
NOTE: “Default NG IPS Module” cannot be edited so please create a custom one before you continue

CiscoASAIPS-1

 

To make changes you need to go to:

Components –> Objects –> Filter for “IPS” or whatever you may of called your custom IPS:

Highlight and Select “Edit Object”

CiscoASAIPS-2

 

You can also add Exception for specific threats (IBM Symphony example) below:

You can “allow and don’t monitor” or “allow and monitor”.

 

CiscoASAIPS-3

You can also adjust the sliding scale if you think the default values are too low:

 

 

CiscoASAIPS-4

Leave a Reply

Your email address will not be published. Required fields are marked *