Cisco Systems IPS 7.1 Home Security System User Manual


  Open as PDF
of 1042
 
11-3
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 11 Configuring External Product Interfaces
External Product Interface Issues
Note You can only enable two CSA MC interfaces.
Caution You must add the CSA MC as a trusted host so the sensor can communicate with it.
For More Information
For the procedure for adding trusted hosts, see Adding TLS Trusted Hosts, page 4-51.
External Product Interface Issues
When the external product interface receives host posture and quarantine events, the following issues
can arise:
The sensor can store only a certain number of host records:
If the number of records exceeds 10,000, subsequent records are dropped.
If the 10,000 limit is reached and then it drops to below 9900, new records are no longer
dropped.
Hosts can change an IP address or appear to use another host IP address, for example, because of
DHCP lease expiration or movement in a wireless network. In the case of an IP address conflict, the
sensor presumes the most recent host posture event to be the most accurate.
A network can include overlapping IP address ranges in different VLANs, but host postures do not
include VLAN ID information. You can configure the sensor to ignore specified address ranges.
A host can be unreachable from the CSA MC because it is behind a firewall. You can exclude
unreachable hosts.
The CSA MC event server allows up to ten open subscriptions by default. You can change this value.
You must have an administrative account and password to open subscriptions.
CSA data is not virtualized; it is treated globally by the sensor.
Host posture OS and IP addresses are integrated into passive OS fingerprinting storage. You can
view them as imported OS profiles.
You cannot see the quarantined hosts.
The sensor must recognize each CSA MC host X.509 certificate. You must add them as a trusted
host.
You can configure a maximum of two external product devices.
For More Information
For more information on working with OS maps and identifications, see Adding, Editing, Deleting,
and Moving Configured OS Maps, page 7-28 and Displaying and Clearing OS Identifications,
page 7-32.
For the procedure for adding trusted hosts, see Adding TLS Trusted Hosts, page 4-51.
 previous next