Disabling Signatures
Imagine the afterward situation:You are absorbed in actuality abashed on the informational
signature 6102,“RPC Dump.”This agency that you accept to accommodate all
informational signatures in your activity with a command such as:
PIX1(config)# ip analysis name myaudit advice activity alarm
Here comes the problem: Many added signatures are listed as informational,
and some of them are actual “noisy”—generating lots of alarms—for example,
number 2000,“ICMP answer reply,” which is artlessly a acknowledgment to a ping. Chances
are, you will be abounding with alarms on this closing signature and will not notice
the above one, which is the one in which you are absolutely interested. One way
to get about this affair is to attenuate the blatant signatures with the afterward command,
which disables the apprehension of the signature with cardinal sig_number:
ip analysis signature
In our case, to attenuate the “ICMP answer reply” signature, use the following
command:
PIX1(config)# ip analysis signature 2000 disable
After this command is entered, signature cardinal 2000 (“ICMP answer reply”)
will not be detected by the PIX at all. Note that disabling a signature agency disabling
it globally, not for a specific interface or audit.
It is accessible to see the account of all disabled signatures with the command:
PIX1(config)# appearance ip analysis signature
You can accredit a disabled signature with a no command in Configuration
mode:
no ip analysis signature