Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

6-9

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 6 Configuring Virtual Sensors

Adding, Editing, and Deleting Virtual Sensors

For More Information

• For the procedure for creating virtual sensors on the ASA 5500 AIP SSM, see Creating Virtual

Sensors for the ASA 5500 AIP SSM, page 18-4.

• For the procedure for creating virtual sensors on the ASA 5500-X IPS SSP, see Creating Virtual

Sensors for the ASA 5500-X IPS SSP, page 19-3.

• For the procedure for creating virtual sensors on the ASA 5585-X IPS SSP, see Creating Virtual

Sensors for the ASA 5585-X IPS SSP, page 20-4.

• For more information on creating and configuring anomaly detection policies, see Working With

Anomaly Detection Policies, page 9-9.

• For more information on creating and configuring event action rules policies, see Working With

Event Action Rules Policies, page 7-8.

• For more information on creating and configuring signature definition policies, see Working With

Signature Definition Policies, page 8-2.

• For more information about normalization, see Normalization and Inline TCP Evasion Protection

Mode, page 6-4.

• For more information about inline TCP session tracking mode, see Inline TCP Session Tracking

Mode, page 6-3.

• For the procedure for pairing inline interfaces, see Configuring Inline Interface Pairs, page 5-21.

Repeat Step 11 for all the inline interface pairs that you want to assign to this virtual sensor.

• For the procedure for pairing and grouping inline VLANs, see Configuring Inline VLAN Pairs,

page 5-26 and Configuring VLAN Groups, page 5-32. Repeat Step 12 for all inline VLAN pairs or

VLAN groups that you want to assign to this virtual sensor.

• For the procedure for enabling anomaly detection, see Enabling Anomaly Detection, page 9-8.

Editing and Deleting Virtual Sensors

You can edit the following parameters of a virtual sensor:

• Signature definition policy

• Event action rules policy

• Anomaly detection policy

Note Anomaly detection is disabled by default in IPS 7.1(2)E4 and later. You must enable it to

configure or apply an anomaly detection policy. Enabling anomaly detection results in a

decrease in performance.

• Anomaly detection operational mode

• Inline TCP session tracking mode

Note The ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and

ASA 5585-X IPS SSP) do not support the inline TCP session tracking mode.

• Description

• Interfaces assigned

previous next