CHAPTER
5-1
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
5
Configuring Virtual Sensors
This chapter explains the function of the Analysis Engine and how to create, edit, and delete virtual
sensors. It also explains how to assign interfaces to a virtual sensor. It contains the following sections:
•
Virtual Sensor Notes and Caveats, page 5-1
•
Understanding the Analysis Engine, page 5-2
•
Understanding Virtual Sensors, page 5-2
•
Advantages and Restrictions of Virtualization, page 5-2
•
Inline TCP Session Tracking Mode, page 5-3
•
Normalization and Inline TCP Evasion Protection Mode, page 5-4
•
HTTP Advanced Decoding, page 5-4
•
Adding, Editing, and Deleting Virtual Sensors, page 5-4
•
Configuring Global Variables, page 5-12
Virtual Sensor Notes and Caveats
The following notes and caveats apply to configuring the virtual sensor:
•
The Cisco IPS does not support more than four virtual sensors. You cannot delete the default virtual
sensor vs0.
•
The ASA IPS modules (ASA 5500-X IPS SSP and ASA 5585-X IPS SSP) do not support the inline
TCP session tracking mode.
•
For the ASA IPS modules (ASA 5500-X IPS SSP and ASA 5585-X IPS SSP), normalization is
performed by the adaptive security appliance and not the IPS.
•
Anomaly detection is disabled by default. You must enable it to configure or apply an anomaly
detection policy. Enabling anomaly detection results in a decrease in performance.