Cisco IPS Inline Bypass Mode

Posted on in Networking


On occasion, you may need to put your Cisco IPS into bypass mode. Bypass mode allows the IPS to pass traffic without inspecting it. This may be useful if you suspect the IPS is causing a problem, if you are going to run a one-time scan that would set the IPS off, or if you need to update some part of the IPS software.

Inline Bypass Modes

There are three inline bypass modes:

  • Auto: In this mode, the sensor determines whether or not it should be in inline bypass mode. If the monitoring process is down, the sensor automatically shifts into inline bypass mode until the monitoring process returns.
  • Off: Inline bypass mode is disabled. Traffic is forwarded to and inspected by the Analysis Engine.
  • On: Inline bypass mode is enabled. Traffic flows but is not inspected.

There are two methods for putting the IPS into bypass mode.

Command-Line Interface (CLI)

This is really straightforward:

sensor# configure terminal
sensor(config)# service interface
sensor(config-int)# bypass-mode on
sensor(config-int)# exit
Apply Changes:?[yes]:

IPS Device Manager (IDM)

The IDM has a dedicated Bypass Mode Pane. Simply select "On" and save your configuration.
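
A check for sensors left in bypass after the work is done, as an added example that is not part of the original post or of Cisco's tooling: it reads saved configuration text and lists the sensors whose service interface section has bypass-mode on. The sample configurations are constructed, and the text layout (sections separated by "!" lines, an omitted setting meaning auto) is an assumption.

```python
import re

# Constructed samples. The layout (sections split by "!" comment lines,
# default values omitted) is an assumption about saved configuration text.
CONFIGS = {
    "sensor-a": """\
! ------------------------------
service host
network-settings
host-name sensor-a
exit
exit
! ------------------------------
service interface
physical-interfaces GigabitEthernet0/0
admin-state enabled
exit
bypass-mode on
exit
! ------------------------------
""",
    "sensor-b": """\
! ------------------------------
service interface
physical-interfaces GigabitEthernet0/0
admin-state enabled
exit
exit
! ------------------------------
""",
}

BYPASS_RE = re.compile(r"^[ \t]*bypass-mode[ \t]+(on|off|auto)[ \t]*$", re.MULTILINE)

def bypass_mode(config_text):
    """Return the bypass mode set in the 'service interface' section."""
    # Split on comment lines so a match in another section is never counted.
    for section in re.split(r"(?m)^[ \t]*!.*$", config_text):
        lines = section.strip().splitlines()
        if lines and lines[0].strip() == "service interface":
            match = BYPASS_RE.search(section)
            # Assumption: an omitted setting means the default, auto.
            return match.group(1) if match else "auto"
    return None  # no service interface section found in this text

def sensors_not_inspecting(configs):
    """Names of sensors whose saved configuration has bypass-mode on."""
    return sorted(n for n, text in configs.items() if bypass_mode(text) == "on")

print(sensors_not_inspecting(CONFIGS))
```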
