Yes, IDM is available in the lab.

From: [email protected] [mailto:[email protected]] On Behalf Of Eugene Pefti
Sent: 22 November 2010 10:31 PM
To: 'Kingsley Charles'; 'Vybhav Ramachandran'
Cc: 'OSL Security'
Subject: Re: [OSL | CCIE_Security] Event action overrides

I haven't done anything with IPS tasks in the lab but I wouldn't go as far as event action override. By default signature ID 2004 for echo request is disabled. Enable it and make sure you set the action to "Log attacker packets" and change the Alert Severity from "Informational" to "High".

But this is easy from IDM GUI. Are we allowed to use IDM on the lab exam?

Eugene

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Monday, November 22, 2010 4:59 AM
To: Vybhav Ramachandran
Cc: OSL Security
Subject: Re: [OSL | CCIE_Security] Event action overrides

Either you can lower the severity or add a filter.

With regards
Kings

On Mon, Nov 22, 2010 at 5:07 PM, Vybhav Ramachandran <[email protected]> wrote:

Hello All,

In the lab, suppose the IPS task asks us to log all ICMP echo packets and fire an alert with "high" severity. I was wondering whether we are expected to head down to the event-action filters section and add a filter for that particular signal (to prevent the packets from getting dropped in-line)?

Cheers,
TacACK

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
