Cisco Systems IPS 7.1 Home Security System User Manual
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 11 Configuring External Product Interfaces
Adding External Product Interfaces and Posture ACLs
Use the cisco-security-agents-mc-settings ip-address command in service external product interfaces submode to add the CSA MC as an external product interface. The following options apply:

• enabled {yes | no}—Enables/disables the receipt of information from the CSA MC.
• host-posture-settings—Specifies how host postures received from the CSA MC are handled:
  – allow-unreachable-postures {yes | no}—Allows postures for hosts that are not reachable by the CSA MC.
    A host is not reachable if the CSA MC cannot establish a connection with the host on any IP address in the posture of the host. This option is useful in filtering the postures whose IP addresses may not be visible to the IPS or may be duplicated across the network. This filter is most applicable in network topologies where hosts that are not reachable by the CSA MC are also not reachable by the IPS, for example if the IPS and the CSA MC are on the same network segment.
  – enabled {yes | no}—Enables/disables receipt of host postures from the CSA MC.
  – posture-acls {edit | insert | move} name1 {begin | end | inactive | before | after}—Specifies the list of permitted or denied posture addresses. This command provides a mechanism for filtering postures that have IP addresses that may not be visible to the IPS or may be duplicated across the network.
    • action {permit | deny}—Specifies whether postures that match the specified network address are permitted or denied.
    • network-address address—Specifies the network address, in the form x.x.x.x/nn, for postures to be permitted or denied.
• password—Specifies the password used to log in to the CSA MC.
• port—Specifies the TCP port to connect to on the CSA MC. The valid range is 1 to 65535. The default is 443.
• username—Specifies the username used to log in to the CSA MC.
• watchlist-address-settings—Specifies how watch-listed addresses received from the CSA MC are handled:
  – enabled {yes | no}—Enables/disables receipt of watch list addresses from the CSA MC.
  – manual-rr-increase—Specifies the number added to an event risk rating (RR) because the attacker has been manually watch-listed by the CSA MC. The valid range is 0 to 35. The default is 25.
  – packet-rr-increase—Specifies the number added to an event risk rating because the attacker has been watch-listed by the CSA MC because of a sessionless packet-based policy violation. The valid range is 0 to 35. The default is 10.
  – session-rr-increase—Specifies the number added to an event risk rating because the attacker has been watch-listed by the CSA MC because of a session-based policy violation. The valid range is 0 to 35. The default is 25.
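The following Python model is an added example, not Cisco IPS code, of the behaviour the option list above describes: an ordered posture ACL list (first matching entry wins), the enabled and allow-unreachable-postures gates on host postures, range validation of the three *-rr-increase values, and the watch-list increase applied to an event risk rating. Two details the guide does not state are assumptions and marked as such in the code: a posture address matching no ACL entry is permitted, and the risk rating is capped at 100. The sample ACL entries and postures are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

# Illustrative model only (not Cisco IPS code). Defaults the guide does not
# state (no-match result, RR ceiling) are assumptions and marked below.

RR_INCREASE_MIN, RR_INCREASE_MAX = 0, 35   # valid range stated in the guide
RISK_RATING_MAX = 100                      # assumption: risk rating is 0..100


def rr_increase_is_valid(value: int) -> bool:
    """True if value lies in the 0..35 range the guide gives for *-rr-increase."""
    return RR_INCREASE_MIN <= value <= RR_INCREASE_MAX


@dataclass
class PostureAcl:
    """One posture ACL entry: name, action {permit | deny}, network-address x.x.x.x/nn."""
    name: str
    action: str
    network: ipaddress.IPv4Network

    @classmethod
    def parse(cls, name: str, action: str, network_address: str) -> "PostureAcl":
        if action not in ("permit", "deny"):
            raise ValueError(f"action must be permit or deny, got {action!r}")
        # strict=False tolerates host bits set in the address part (e.g. 10.1.1.5/24)
        return cls(name, action, ipaddress.IPv4Network(network_address, strict=False))


@dataclass
class HostPostureSettings:
    enabled: bool = True
    allow_unreachable_postures: bool = False
    posture_acls: List[PostureAcl] = field(default_factory=list)  # ordered list


@dataclass
class Posture:
    """Host posture as received from the CSA MC (constructed sample shape)."""
    addresses: List[str]   # IP addresses reported for the host
    reachable: bool        # could the CSA MC connect to the host on any of them?


def acl_decision(acls: List[PostureAcl], address: str) -> str:
    """First matching ACL entry decides. Assumption: no match means permit."""
    ip = ipaddress.IPv4Address(address)
    for acl in acls:
        if ip in acl.network:
            return acl.action
    return "permit"


def filter_posture(settings: HostPostureSettings, posture: Posture) -> List[str]:
    """Return the posture addresses kept after applying enabled,
    allow-unreachable-postures and the posture ACLs, in that order."""
    if not settings.enabled:
        return []
    if not posture.reachable and not settings.allow_unreachable_postures:
        return []
    return [a for a in posture.addresses
            if acl_decision(settings.posture_acls, a) == "permit"]


@dataclass
class WatchlistSettings:
    enabled: bool = True
    manual_rr_increase: int = 25    # defaults from the guide
    packet_rr_increase: int = 10
    session_rr_increase: int = 25

    def __post_init__(self):
        for name in ("manual_rr_increase", "packet_rr_increase", "session_rr_increase"):
            value = getattr(self, name)
            if not rr_increase_is_valid(value):
                raise ValueError(f"{name} must be in {RR_INCREASE_MIN}..{RR_INCREASE_MAX}, got {value}")


def adjusted_risk_rating(base_rr: int, settings: WatchlistSettings, reason: Optional[str]) -> int:
    """Add the watch-list increase for reason ('manual', 'packet', 'session' or None)."""
    if not settings.enabled or reason is None:
        return base_rr
    increase = {
        "manual": settings.manual_rr_increase,
        "packet": settings.packet_rr_increase,
        "session": settings.session_rr_increase,
    }[reason]
    return min(RISK_RATING_MAX, base_rr + increase)   # cap is an assumption


if __name__ == "__main__":
    # Constructed sample: deny a NAT pool whose addresses are duplicated, permit the rest of 10/8
    acls = [PostureAcl.parse("nat-pool", "deny", "10.1.1.0/24"),
            PostureAcl.parse("corp", "permit", "10.0.0.0/8")]
    settings = HostPostureSettings(posture_acls=acls)
    print(filter_posture(settings, Posture(["10.1.1.5", "10.2.0.7"], reachable=True)))
    print(adjusted_risk_rating(80, WatchlistSettings(), "packet"))
```

Because entry order decides the outcome, the model mirrors why the CLI offers begin, end, before and after when inserting or moving a posture ACL: a deny for a duplicated address range only takes effect if it sits ahead of the broader permit that would otherwise match first.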
Note: Make sure you add the external product as a trusted host so the sensor can communicate with it.