Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 6 Configuring Virtual Sensors
Adding, Editing, and Deleting Virtual Sensors
Note Because HTTP advanced decoding requires the Regex card and the String XL engine, it is available only
on platforms that have them. HTTP advanced decoding is supported on the IPS 4345, IPS 4360,
IPS 4510, IPS 4520, ASA 5585-X IPS SSP, ASA 5525-X IPS SSP, ASA 5545-X IPS SSP, and
ASA 5555-X IPS SSP.
Adding, Editing, and Deleting Virtual Sensors
This section describes how to add, edit, and delete virtual sensors, and contains the following topics:
Adding Virtual Sensors
Editing and Deleting Virtual Sensors
Adding Virtual Sensors
Use the virtual-sensor name command in service analysis engine submode to create a virtual sensor.
You can create up to four virtual sensors. You assign policies (anomaly detection, event action rules, and
signature definition) to the virtual sensor. Then you assign interfaces (promiscuous, inline interface
pairs, inline VLAN pairs, and VLAN groups) to the virtual sensor. You must configure the inline
interface pairs and VLAN pairs before you can assign them to a virtual sensor.
Note Anomaly detection is disabled by default in IPS 7.1(2)E4 and later. You must enable it to configure or
apply an anomaly detection policy. Enabling anomaly detection results in a decrease in performance.
The following options apply:
http-advanced-decoding {true | false}—Enables deeper inspection of HTTP traffic. The default is
disabled. Valid for IPS 7.1(5)E4 and later.
Note HTTP advanced decoding is supported on the IPS 4345, IPS 4360, IPS 4510, IPS 4520,
ASA 5585-X IPS SSP, ASA 5525-X IPS SSP, ASA 5545-X IPS SSP, and
ASA 5555-X IPS SSP.
Caution Enabling HTTP advanced decoding severely impacts system performance.
anomaly-detection—Specifies the anomaly detection parameters:
anomaly-detection-name name—Specifies the name of the anomaly detection policy.
operational-mode—Specifies the anomaly detection mode (inactive, learn, detect).
description—Description of the virtual sensor.
event-action-rules—Specifies the name of the event action rules policy.
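
The options listed so far, entered as one CLI session. This is an added example, not taken from the guide: vs1, ad1, and rules1 are placeholder names (the two policies are assumed to exist already), and lines beginning with ! are annotations rather than input. Signature definition and interface assignment are left out because their options are not listed in this excerpt.

```text
! Constructed session; vs1, ad1 and rules1 are placeholder names.
sensor# configure terminal
sensor(config)# service analysis-engine
sensor(config-ana)# virtual-sensor vs1
sensor(config-ana-vir)# description DMZ virtual sensor
! Anomaly detection steps apply only if anomaly detection has been enabled
! (it is disabled by default in IPS 7.1(2)E4 and later).
sensor(config-ana-vir)# anomaly-detection
sensor(config-ana-vir-ano)# anomaly-detection-name ad1
sensor(config-ana-vir-ano)# operational-mode learn
sensor(config-ana-vir-ano)# exit
sensor(config-ana-vir)# event-action-rules rules1
! Kept at the default. Setting true requires IPS 7.1(5)E4 or later on a
! supported platform and severely impacts system performance.
sensor(config-ana-vir)# http-advanced-decoding false
! Review the virtual sensor settings before leaving the submode.
sensor(config-ana-vir)# show settings
sensor(config-ana-vir)# exit
sensor(config-ana)# exit
```

Exiting service analysis engine submode prompts you to apply the changes; nothing takes effect until you accept.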