Chapter 19: IPS and Advanced Protocol Handling

Security Appliance Intrusion Protection Feature
Cisco Security Appliance includes an IP-only intrusion protection feature, delivered for the ASA Security Appliance series through the AIP-SSM (Advanced Inspection and Prevention Security Services Module). It provides visibility at network perimeters or at locations where additional security between network segments is required. After it is configured, the IPS module watches packets and sessions as they flow through the firewall, scanning each for a match with any of the configured IPS filters. When suspicious activity is detected, the Security Appliance responds immediately and can be configured to do the following:
1. Send an alarm to a syslog server.
2. Drop the packet.
3. Reset the TCP connection.

Example 19-7 Managing SQL*Net Traffic via a Class Map
pixfirewall(config)# class-map sqlnet_port
pixfirewall(config-cmap)# match port tcp eq 1521
pixfirewall(config-cmap)# exit
pixfirewall(config)# policy-map dmz_map
pixfirewall(config-pmap)# class sqlnet_port
pixfirewall(config-pmap-c)# inspect sqlnet
pixfirewall(config-pmap-c)# exit
NOTE If you are running an IANA-compliant SQL*Net database, you must inspect port
66 instead of port 1521.
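The three responses listed above (alarm, drop, reset) are exactly the actions available to the Security Appliance's built-in ip audit signatures; the AIP-SSM module itself is configured through its own IPS command set and is not covered here. The following configuration is an added example, not the book's own; the policy names attack_policy and info_policy and the interface names outside and dmz are assumptions. It also shows the service-policy command that Example 19-7 stops short of, without which the class map and policy map are never applied to traffic.

```cisco
! Added example (not from the book). Policy names and the interface names
! "outside" and "dmz" are assumptions.
!
! Attack-class signatures: log to syslog, drop the packet, and reset the TCP
! connection. The three keywords may be combined in one action clause.
pixfirewall(config)# ip audit name attack_policy attack action alarm drop reset
!
! Informational signatures (scans, sweeps): alarm only, so reconnaissance is
! logged but legitimate traffic that trips a loose signature is not blocked.
pixfirewall(config)# ip audit name info_policy info action alarm
!
! Bind one attack policy and one info policy to the interface. Nothing is
! audited until a policy is attached here.
pixfirewall(config)# ip audit interface outside attack_policy
pixfirewall(config)# ip audit interface outside info_policy
!
! Silence a single noisy signature without disabling the whole policy
! (signature 2000 is ICMP Echo Reply).
pixfirewall(config)# ip audit signature 2000 disable
!
! Verify that signatures are firing on the audited interface.
pixfirewall# show ip audit count interface outside
!
! The class-map/policy-map pair from Example 19-7 is inert until the policy
! map is attached to an interface (or applied globally) with service-policy.
pixfirewall(config)# service-policy dmz_map interface dmz
```

Start with alarm-only on both classes, review the syslog output and show ip audit count for a few days, and enable drop and reset for the attack class only once the noisy signatures have been disabled; a reset action on a false positive tears down production sessions.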