Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

6-7

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 6 Configuring Virtual Sensors

Adding, Editing, and Deleting Virtual Sensors

Adding a Virtual Sensor

To add a virtual sensor, follow these steps:

Step 1 Log in to the CLI using an account with administrator privileges.

Step 2 Enter service analysis mode.

sensor# configure terminal

sensor(config)# service analysis-engine

sensor(config-ana)#

Step 3 Add a virtual sensor.

sensor(config-ana)# virtual-sensor vs1

sensor(config-ana-vir)#

Step 4 Add a description for this virtual sensor.

sensor(config-ana-vir)# description virtual sensor 1

Step 5 Assign an anomaly detection policy and operational mode to this virtual sensor.

sensor(config-ana-vir)# anomaly-detection

sensor(config-ana-vir-ano)# anomaly-detection-name ad1

sensor(config-ana-vir-ano)# operational-mode learn

Step 6 Assign an event action rules policy to this virtual sensor.

sensor(config-ana-vir-ano)# exit

sensor(config-ana-vir)# event-action-rules rules1

Step 7 Assign a signature definition policy to this virtual sensor.

sensor(config-ana-vir)# signature-definition sig1

Step 8 Enable HTTP advanced decoding.

sensor(config-ana-vir)# http-advanced-decoding true

Caution Enabling HTTP advanced decoding severely impacts system performance.

Step 9 Assign the inline TCP session tracking mode. The default is virtual sensor mode, which is almost always

the best option to choose.

sensor(config-ana-vir)# inline-TCP-session-tracking-mode virtual-sensor

Step 10 Assign the inline TCP evasion protection mode. The default is strict mode, which is almost always the

best option to choose.

sensor(config-ana-vir)# inline-TCP-evasion-protection-mode strict

Step 11 Enable HTTP advanced decoding.

sensor(config-ana-vir)# http-advanced-decoding true

Step 12 Display the list of available interfaces.

sensor(config-ana-vir)# physical-interface ?

GigabitEthernet0/0 GigabitEthernet0/0 physical interface.

GigabitEthernet0/1 GigabitEthernet0/1 physical interface.

GigabitEthernet2/0 GigabitEthernet0/2 physical interface.

GigabitEthernet2/1 GigabitEthernet0/3 physical interface.

previous next