User's Manual
Table Of Contents
- Getting Started
- Wizards
- Using the Startup Wizard
- Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W
- Using the DMZ Wizard to Configure the DMZ Settings
- Using the Dual WAN Wizard to Configure the WAN Redundancy Settings
- Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels
- Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access
- Status
- Networking
- Configuring IP Routing Mode
- Port Management
- Configuring the WAN
- Configuring the WAN Redundancy
- Configuring the VLAN
- Configuring the DMZ
- Configuring the Zones
- Configuring the Routing
- Dynamic DNS
- IGMP
- VRRP
- Configuring the Quality of Service
- Address Management
- Service Management
- Wireless Configuration for ISA550W and ISA570W
- Firewall
- Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic
- Configuring the Firewall Schedule
- Firewall Access Rule Configuration Examples
- Configuring the NAT Rules to Securely Access a Remote Network
- Configuring the Session Settings
- Configuring the Content Filtering to Control Access to Internet
- Configuring the MAC Filtering to Permit or Block Traffic
- Configuring the IP/MAC Binding to Prevent Spoofing
- Configuring the Attack Protection
- Configuring the Application Level Gateway
- Security Services
- VPN
- About VPN
- Configuring the Cisco IPSec VPN Server
- Configuring the Cisco IPSec VPN Client
- Configuring the Site-to-Site VPN
- Configuring the SSL VPN
- Elements of the SSL VPN
- Configuration Tasks to Establish a SSL VPN Tunnel
- Installing the Cisco AnyConnect VPN Client on User’s PC
- Importing the Certificates for User Authentication
- Configuring the SSL VPN Users
- Configuring the SSL VPN Gateway
- Configuring the SSL VPN Group Policies
- Configuring the SSL VPN Portal
- Configuring the L2TP Server
- Configuring the VPN Passthrough
- Viewing the VPN Status
- User Management
- Device Management
- Remote Management
- Administration
- SNMP
- Configuration Management
- Firmware Management
- Log Management
- Managing the Security License
- Managing the Certificates for Authentication
- Configuring the Email Alert Settings
- Configuring the RADIUS Servers
- Configuring the Time Zone
- Device Discovery
- Diagnosing the Device
- Measuring and Limiting Traffic with the Traffic Meter
- Configuring the ViewMaster
- Configuring the CCO Account
- Configuring the Device Properties
- Configuring the Debug Settings
- Troubleshooting
- Technical Specifications and Environmental Requirements
- Factory Default Settings
- Where to Go From Here
Security Services
Intrusion Prevention Service
Cisco ISA500 Series Integrated Security Appliance Administrator Guide 219
7
For example, if you choose BitTorrent, only the signatures under the
BitTorrent application are displayed. To display all signatures, choose All.
• Search by Signature ID: Allows you to view a specific signature by
searching the signature ID. Enter the signature ID in this field, and then click
Search. To display all categories, click Reset.
• Expand/Collapse: To expand the signatures under an IM or P2P application,
click the + button. To hide the signatures, click the - button.
STEP 3 Specify the setting for all signatures under an IM or P2P application or for a single
signature:
• Disabled: Choose this option to disable checking attacks.
• Detect Only: Click this option to check the attacks and to log a message
when an attack is detected. This option is mostly used for troubleshooting
purposes.
• Detect and Prevent: Click this option to check the attacks, and to log a
message and drop the packet when an attack is detected.
To log the IPS events, you first need to choose Detect Only or Detect and
Prevent for the IM or P2P applications, and then go to the Device
Management -> Loggings pages to configure the log settings and log
facilities:
- To save the IPS logs in the lcoal syslog daemon, you need to enable the
Log feature, set the log buffer size and the severity for local log, and then
check the Local Log box for the IM/P2P Blocking log facility.
- To save the IPS logs to the remote syslog server if you have a remote
syslog server support, you need to enable the Log feature, specify the
Remote Log settings, and check the Remote Log box for the IM/P2P
Blocking log facility.
For more information about how to configure the log settings and log
facilities, and how to view the logs, see Log Management, page 302.
• Email Alert Threshold: Enter the value of the email alert threshold. When the
hit count is over the email alert threshold, an alert email is sent to the
specified email acount.
To send the IPS alert emails to the specified email accont, you first need to
enable the IPS Alert feature and configure the email account settings, see
Configuring the Email Alert Settings, page 316.