Hi,

IPS uses SDEE (Cisco Security Device Event Exchange) to send IPS messages to clients. My understanding is that SDEE is wrapped in HTTP. Hence across firewalls, port 80/443 alone should be opened for SDEE. For log, port 514 should be open.

router2(config)#ip ips notify ?
  SDEE  Send events to SDEE
  log   Send events as syslog messages

Please share your thoughts, if you differ.

With regards
Kings
