Cisco Systems IPS 7.1 Home Security System User Manual


  Open as PDF
of 1042
 
9-29
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 9 Configuring Anomaly Detection
Configuring the External Zone
Configuring the External Zone
This section describes how to configure the external zone, and contains the following topics:
Understanding the External Zone, page 9-29
Configuring the External Zone, page 9-29
Configuring TCP Protocol for the External Zone, page 9-30
Configuring UDP Protocol for the External Zone, page 9-32
Configuring Other Protocols for the External Zone, page 9-35
Understanding the External Zone
The external zone is the default zone with the default Internet range of 0.0.0.0-255.255.255.255. By
default, the internal and illegal zones contain no IP addresses. Packets that do not match the set of IP
addresses in the internal or illegal zone are handled by the external zone.
You can enable or disable TCP, UDP, and other protocols for the external zone. You can configure a
destination port for the TCP and UDP protocols and a protocol number for the other protocols. You can
either use the default thresholds or override the scanner settings and add your own thresholds and
histograms.
Configuring the External Zone
Use the external-zone {enabled | tcp | udp |other} command in service anomaly detection submode to
enable the external zone and specify protocols. The following options apply:
enabled {false | true}—Enables/disables the zone.
tcp—Lets you configure TCP protocol.
udp—Lets you configure UDP protocol.
other—Lets you configure other protocols besides TCP and UDP.
Configuring the External Zone
To configure the external zone, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter anomaly detection external zone submode.
sensor# configure terminal
sensor(config)# service anomaly-detection ad0
sensor(config-ano)# external-zone
sensor(config-ano-ext)#
Step 3 Enable the external zone.
sensor(config-ano-ext)# enabled true
Step 4 Configure TCP protocol.
Step 5 Configure UDP protocol.
 previous next