IT Certification CCIE,CCNP,CCIP,CCNA,CCSP,Cisco Network Optimization and Security Tips
fail-close
■ fail-close—Enabling this ips command option will cause all traffic flows assigned to the IPS policy to be dropped if for any reason the AIP-SSM fails. This is the recommended setting, as it is the most secure of the two options.