Manualshelf

- Cisco Network Router User's Manual

ManualsBrandsCisco Systems ManualsNetwork RouterIPS4520K9
251252253254255256257258259260
B-15
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1
OL-24002-01
Appendix B Initializing the Sensor
Advanced Setup
Step 15
Enter
1
to use the existing anomaly detection configuration, ad0.
Signature Definition Configuration
[1] sig0
[2] Create a new signature definition configuration
Option[2]:
Step 16
Enter
2
to create a signature-definition configuration file.
Step 17
Enter the signature-definition configuration name,
newSig
.
Event Action Rules Configuration
[1] rules0
[2] Create a new event action rules configuration
Option[2]:
Step 18
Enter
1
to use the existing event-action-rules configuration, rules0.
Note
If GigabitEthernet 0/1 has not been assigned to vs0, you are prompted to assign it to the new
virtual sensor.
Virtual Sensor: newVs
Anomaly Detection: ad0
Event Action Rules: rules0
Signature Definitions: newSig
Monitored:
GigabitEthernet0/1
[1] Remove virtual sensor.
[2] Modify "newVs" virtual sensor configuration.
[3] Modify "vs0" virtual sensor configuration.
[4] Create new virtual sensor.
Option:
Step 19
Press Enter to exit the interface and virtual sensor configuration menu.
Modify default threat prevention settings?[no]:
Step 20
Enter
yes
if you want to modify the default threat prevention settings.
Note
The sensor comes with a built-in override to add the deny packet event action to high risk rating
alerts. If you do not want this protection, disable automatic threat prevention.
Virtual sensor newVs is configured to prevent high risk threats in inline mode. (Risk
Rating 90-100)
Virtual sensor vs0 is configured to prevent high risk threats in inline mode.(Risk Rating
90-100)
Do you want to disable automatic threat prevention on all virtual sensors?[no]:
Step 21
Enter
yes
to disable automatic threat prevention on all virtual sensors.
The following configuration was entered.
service host
network-settings
host-ip 10.1.9.201/24,10.1.9.1
host-name aip-ssm
telnet-option disabled
access-list 10.0.0.0/8
access-list 64.0.0.0/8
ftp-timeout 300