CHAPTER
6-1
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
6
Configuring Virtual Sensors
This chapter explains the function of the Analysis Engine and how to create, edit, and delete virtual
sensors. It also explains how to assign interfaces to a virtual sensor. It contains the following sections:
• Virtual Sensor Notes and Caveats, page 6-1
• Understanding the Analysis Engine, page 6-2
• Understanding Virtual Sensors, page 6-2
• Advantages and Restrictions of Virtualization, page 6-2
• Inline TCP Session Tracking Mode, page 6-3
• Normalization and Inline TCP Evasion Protection Mode, page 6-4
• HTTP Advanced Decoding, page 6-4
• Adding, Editing, and Deleting Virtual Sensors, page 6-5
• Configuring Global Variables, page 6-12
Virtual Sensor Notes and Caveats
The following notes and caveats apply to configuring the virtual sensor:
• The Cisco IPS does not support more than four virtual sensors. You cannot delete the default virtual
sensor vs0.
• The ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 5585-X IPS SSP) do
not support the inline TCP session tracking mode.
• For the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and
ASA 5585-X IPS SSP), normalization is performed by the adaptive security appliance and not the
IPS.
• Anomaly detection is disabled by default in IPS 7.1(2)E4 and later. You must enable it to configure
or apply an anomaly detection policy. Enabling anomaly detection results in a decrease in
performance.