Security Services
Intrusion Prevention Service
Cisco ISA500 Series Integrated Security Appliance Administrator Guide
214
7
•
Redirected HTTP Port List:
Specify the number of the ports used to
redirect the HTTP traffic. To add an entry, click
Add
. To edit an entry, click
Edit
. To delete an entry, click
Delete
.
STEP 5
Click
Save
to apply your settings.
Viewing the Security Service Reports
After you enable and configure the security services, you can enable the
corresponding reports for these services to analyze the security performance.
For example, if the Web URL Filter and Web Reputation Filter services are enabled
on your security appliance, you can enable the
Web Security Blocked Report
to
view
the total number of web access requests processed and the total number of
websites blocked since these services were enabled, in last seven days, or in one
day. A graph is provided to show the total number of web access requests
processed and the total number of websites blocked by day for the last seven
days.
For more information about the security service reports, go to the
Status ->
Report -> Security Services
page. See
Reports of Security Services, page 87
Intrusion Prevention Service
The Intrusion Prevention Service (IPS) feature can protect the zones for a given set
of categories. IPS monitors network traffic for malicious or unwanted behavior on
the device and can react, in real-time, to block or prevent those activities.
When an attack is detected, offending packets are dropped or alerts are logged
depending on the administrative settings, but all other traffic is unaffected. Unlike
traditional firewalls, IPS makes access control decisions based on application
content, rather than IP address or ports.
!
CAUTION
Enabling IPS consumes additional system resources and may impact the system
performance. Go to the
Status -> Dashboard
page to view the CPU and memory
utilizations. To conserve the system resources, disable the IPS service when it is no
longer needed.