Ahriakin wrote: Add to that you need to apply the policy as a service-policy either globally or per interface. Interfaces for the AIP-SSM (bar the management int.) are logical so you only see the Backplane which can be logically connected to/placed inline with any (or all) of the ASA's physical interfaces.
pr3d4t0r wrote: Cisco lost the game in IDS/IPS long ago. Few signatures, lots of false positives, no tuning capabilities, no custom rule writing, etc. Hey, I am a Cisco guy too, but when it comes to IDS/IPS Sourcefire is my choice.
Ahriakin wrote:
pr3d4t0r wrote: Cisco lost the game in IDS/IPS long ago. Few signatures, lots of false positives, no tuning capabilities, no custom rule writing, etc. Hey, I am a Cisco guy too, but when it comes to IDS/IPS Sourcefire is my choice.

No offense, when's the last time you used a Cisco IPS? I won't comment on the false positives etc. (I haven't seen many at all, certainly fewer than on the Snort sensor I also run on the server segment), but no tuning or custom rule writing? It has both in spades, at least in 5.x and now 6.x (sorry, I haven't used pre-5.x). Cloning/editing/tuning existing signatures is extremely intuitive and easy; the custom rule writing is more complex, but then so is the same for Snort when you first start out. I like Snort, I think Sourcefire 3D sounds like an excellent solution, and if it was within our budget I would have implemented it this year (primarily for its integration with Nessus and more accurate target assessment/filtering, though Cisco 6.x does include at least a basic OS filter), but the assertions you've made about the Cisco product are incorrect.