Cisco Systems IPS4510K9 Home Security System User Manual
14-29
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Configuring the Sensor to be a Master Blocking Sensor
If the master blocking sensor requires TLS for web connections, you must configure the ARC of the
blocking forwarding sensor to accept the X.509 certificate of the master blocking sensor remote host.
Sensors by default have TLS enabled, but you can change this option.
Note
Typically the master blocking sensor is configured to manage the network devices. Blocking forwarding
sensors are not normally configured to manage other network devices, although doing so is permissible.
Even if you have no devices configured for blocking or rate limiting, a sensor that is configured for
blocking or rate limiting can forward blocking and rate limiting requests to a master blocking sensor.
When a signature fires that has blocking or rate limit requests configured as event actions, the sensor
forwards the block or rate limit request to the master blocking sensor, which then performs the block or
rate limit.
Caution
Only one sensor should control all blocking interfaces on a device.
Use the master-blocking-sensors master_blocking_sensor_ip_address command in the service network-access submode to configure a master blocking sensor.
The following options apply:
master_blocking_sensor_ip_address—Specifies the IP address of the master blocking sensor to which block requests are forwarded.
password—Specifies the password of the account used to log in to the master blocking sensor when forwarding block requests.
port—Specifies the web server port of the master blocking sensor to which block requests are forwarded (443 when TLS is enabled with the default settings).
tls {true | false}—Set to true if the master blocking sensor requires TLS; otherwise, set to false. With false, the forwarding sensor sends the account credentials and the block requests over plain HTTP.
username—Specifies the name of the account used to log in to the master blocking sensor when forwarding block requests.
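A complete session on the blocking forwarding sensor, as an added example that is not taken from this page (the guide's own steps continue past this excerpt): it enters the service network-access submode, creates a master-blocking-sensors entry for the master blocking sensor, and sets each option listed above to match the web server settings shown in Step 3a below (TLS enabled, port 443). The command and option names are those from the list above; the master address 10.1.1.10, the account name mbsuser, the general submode, the submode prompt strings, the interactive password prompts and the Apply Changes prompt are assumptions for illustration.

```cisco
sensor# configure terminal
sensor(config)# service network-access
sensor(config-net)# general
sensor(config-net-gen)# master-blocking-sensors 10.1.1.10
sensor(config-net-gen-mas)# username mbsuser
sensor(config-net-gen-mas)# password
Enter password[]: ********
Re-enter password[]: ********
sensor(config-net-gen-mas)# tls true
sensor(config-net-gen-mas)# port 443
sensor(config-net-gen-mas)# show settings
   master-blocking-sensors (min: 0, max: 100, current: 1)
   -----------------------------------------------
      ip-address: 10.1.1.10
      -----------------------------------------------
         password: <hidden>
         port: 443
         tls: true
         username: mbsuser
      -----------------------------------------------
   -----------------------------------------------
sensor(config-net-gen-mas)# exit
sensor(config-net-gen)# exit
sensor(config-net)# exit
Apply Changes:?[yes]: yes
sensor(config)#
```

The order matters for the security of the link: set tls true before relying on the entry, because the username and password configured here are sent to the master blocking sensor's web server on every forwarded request, and with tls false they travel in the clear. The show settings output is an assumed rendering of the configured values; the exact layout on a real sensor may differ.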
Configuring the Master Blocking Sensor
To configure ARC on a sensor to forward blocks to a master blocking sensor, follow these steps:
Step 1
Log in to the CLI using an account with administrator privileges on both the master blocking sensor and
the blocking forwarding sensor.
Step 2
Enter configuration mode on both sensors.
sensor# configure terminal
Step 3
Configure TLS if necessary:
a. On the master blocking sensor, check whether it requires TLS and which port number is used. If enable-tls is true, go to step b.
sensor(config)# service web-server
sensor(config-web)# show settings
enable-tls: true <defaulted>
port: 443 <defaulted>
server-id: HTTP/1.1 compliant <defaulted>
sensor(config-web)#
b. On the blocking forwarding sensor, configure it to accept the X.509 certificate of the master blocking sensor. Before accepting the certificate, confirm its fingerprint out of band (for example, on the console of the master blocking sensor itself); accepting an unverified certificate would let anything on the path between the two sensors impersonate the master blocking sensor.
sensor(config-web)# exit
sensor(config)# tls trusted-host ip-address master_blocking_sensor_ip_address port port_number