11-3
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 11 Configuring External Product Interfaces
External Product Interface Issues
Note You can only enable two CSA MC interfaces.
Caution You must add the CSA MC as a trusted host so the sensor can communicate with it.
For More Information
For the procedure for adding trusted hosts, see Adding TLS Trusted Hosts, page 4-51.
External Product Interface Issues
When the external product interface receives host posture and quarantine events, the following issues
can arise:
• The sensor can store only a certain number of host records:
–
If the number of records exceeds 10,000, subsequent records are dropped.
–
If the 10,000 limit is reached and then it drops to below 9900, new records are no longer
dropped.
• Hosts can change an IP address or appear to use another host IP address, for example, because of
DHCP lease expiration or movement in a wireless network. In the case of an IP address conflict, the
sensor presumes the most recent host posture event to be the most accurate.
• A network can include overlapping IP address ranges in different VLANs, but host postures do not
include VLAN ID information. You can configure the sensor to ignore specified address ranges.
• A host can be unreachable from the CSA MC because it is behind a firewall. You can exclude
unreachable hosts.
• The CSA MC event server allows up to ten open subscriptions by default. You can change this value.
You must have an administrative account and password to open subscriptions.
• CSA data is not virtualized; it is treated globally by the sensor.
• Host posture OS and IP addresses are integrated into passive OS fingerprinting storage. You can
view them as imported OS profiles.
• You cannot see the quarantined hosts.
• The sensor must recognize each CSA MC host X.509 certificate. You must add them as a trusted
host.
• You can configure a maximum of two external product devices.
For More Information
• For more information on working with OS maps and identifications, see Adding, Editing, Deleting,
and Moving Configured OS Maps, page 7-28 and Displaying and Clearing OS Identifications,
page 7-32.
• For the procedure for adding trusted hosts, see Adding TLS Trusted Hosts, page 4-51.