11-3
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 11 Configuring External Product Interfaces
External Product Interface Issues
Note
You can only enable two CSA MC interfaces.
Caution
You must add the CSA MC as a trusted host so the sensor can communicate with it.
For More Information
For the procedure for adding trusted hosts, see Adding TLS Trusted Hosts, page 3-52.
External Product Interface Issues
When the external product interface receives host posture and quarantine events, the following issues
can arise:
•
The sensor can store only a certain number of host records:
–
If the number of records exceeds 10,000, subsequent records are dropped.
–
If the 10,000 limit is reached and then it drops to below 9900, new records are no longer
dropped.
•
Hosts can change an IP address or appear to use another host IP address, for example, because of
DHCP lease expiration or movement in a wireless network. In the case of an IP address conflict, the
sensor presumes the most recent host posture event to be the most accurate.
•
A network can include overlapping IP address ranges in different VLANs, but host postures do not
include VLAN ID information. You can configure the sensor to ignore specified address ranges.
•
A host can be unreachable from the CSA MC because it is behind a firewall. You can exclude
unreachable hosts.
•
The CSA MC event server allows up to ten open subscriptions by default. You can change this value.
You must have an administrative account and password to open subscriptions.
•
CSA data is not virtualized; it is treated globally by the sensor.
•
Host posture OS and IP addresses are integrated into passive OS fingerprinting storage. You can
view them as imported OS profiles.
•
You cannot see the quarantined hosts.
•
The sensor must recognize each CSA MC host X.509 certificate. You must add them as a trusted
host.
•
You can configure a maximum of two external product devices.
For More Information
•
For more information on working with OS maps and identifications, see Adding, Editing, Deleting,
and Moving Configured OS Maps, page 8-28 and Displaying and Clearing OS Identifications,
page 8-31.
•
For the procedure for adding trusted hosts, see Adding TLS Trusted Hosts, page 3-52.