Flexible Packet Matching

[Dennis Bohn <BOHN () ADELPHI EDU>]

Hi Joey,
 
FPM has been a real disappointment.  My thoughts were exactly like yours, to use it to block emergent threats.  I have 
been attempting to use FPM since November or December, with constant TAC cases since then, bouncing from the Routing 
group to the security group, now in the Crash group.   Quite frankly, the TAC engineers had no idea about FPM either; 
they were learning it on the fly, and learning that it really wasn't working.  The current state for my hardware (3925) 
using the latest recommended code (15.1.(4)M) is this: in interface config, when  the 'service-policy type 
access-control input  $policy' is applied, the router crashes.  NBAR also stopped working around 12.4.X (likely due to 
the development of FPM) ; I have not tried the latest code to see if NBAR at least has been fixed.  
 
Perhaps at some point, it will be useful.  Hit me off-list and I can give you a couple of tips on the configuration, if 
you still want to try it.
best,
dennis
 
 
 
Is there anyone out there who is trying to secure/drop egress traffic using=
 Flexible Packet matching?  With all the malware and Bots out there I was w=
ondering if anyone has taken that route.  If so would anyone be willing to =
share any details?
 
Thanks
Joey Rego
Network Security Administrator
Lynn University
 
 
 
Dennis Bohn
Manager of Network and Systems
Adelphi University
bohn () adelphi edu
5168773327