Contents
iv
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
System Configuration Dialog
2-2
Basic Sensor Setup
2-4
Advanced Setup
2-7
Advanced Setup for the Appliance
2-8
Advanced Setup for the ASA 5500-X IPS SSP
2-13
Advanced Setup for the ASA 5585-X IPS SSP
2-17
Verifying Initialization
2-20
CHAPTER
3
Setting Up the Sensor
3-1
Setup Notes and Caveats
3-1
Understanding Sensor Setup
3-2
Changing Network Settings
3-2
Changing the Hostname
3-3
Changing the IP Address, Netmask, and Gateway
3-4
Enabling and Disabling Telnet
3-5
Changing the Access List
3-6
Changing the FTP Timeout
3-8
Adding a Login Banner
3-9
Configuring the DNS and Proxy Servers for Global Correlation and Automatic Update
3-10
Enabling SSHv1 Fallback
3-13
Changing the CLI Session Timeout
3-14
Changing Web Server Settings
3-15
Configuring Authentication and User Parameters
3-18
Adding and Removing Users
3-18
Configuring Authentication
3-20
Configuring Packet Command Restriction
3-26
Creating the Service Account
3-28
The Service Account and RADIUS Authentication
3-29
RADIUS Authentication Functionality and Limitations
3-29
Configuring Passwords
3-29
Changing User Privilege Levels
3-30
Showing User Status
3-31
Configuring the Password Policy
3-32
Locking User Accounts
3-33
Unlocking User Accounts
3-34
Configuring Time
3-35
Time Sources and the Sensor
3-35
Synchronizing IPS Module System Clocks with the Parent Device System Clock
3-36