Filter
Top Products
5-38
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 5 Configuring Interfaces
Configuring Inline Bypass Mode
Step 16 Exit interface submode.
sensor(config-int-phy-vla-sub)# exit
sensor(config-int-phy-vla)# exit
sensor(config-int-phy)# exit
sensor(config-int)# exit
Apply Changes:?[yes]:
Step 17 Press Enter to apply the changes or enter no to discard them.
For More Information
For the procedure for assigning inline interface pairs to a virtual sensor, or deleting the inline interface
pair from the virtual sensor to which it is assigned, see Adding, Editing, and Deleting Virtual Sensors,
page 6-5.
Configuring Inline Bypass Mode
This section describes inline bypass mode for sensors configured as inline interface and inline VLAN
pairs, and contains the following topics:
• Understanding Inline Bypass Mode, page 5-38
• Configuring Inline Bypass Mode, page 5-39
Understanding Inline Bypass Mode
Note The ASA 5500-X IPS SSP and ASA 5585-X IPS SSP do not support bypass mode. The adaptive
security appliance will either fail open, fail close, or fail over depending on the configuration of the
adaptive security appliance and the type of activity being done on the IPS.
Note For information on what you need to configure if you are using the hardware bypass card on the IPS 4260
and the IPS 4270-20, see Hardware Bypass Configuration Restrictions, page 5-12.
Caution There are security consequences when you put the sensor in bypass mode. When bypass mode is on, the
traffic bypasses the sensor and is not inspected; therefore, the sensor cannot prevent malicious attacks.
Caution As with signature updates, when the sensor applies a global correlation update, it may trigger bypass.
Whether or not bypass is triggered depends on the traffic load of the sensor and the size of the
signature/global correlation update. If bypass mode is turned off, an inline sensor stops passing traffic
while the update is being applied.