Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix A System Architecture
CollaborationApp
The client manifest contains the UDI of the sensor, which includes the serial number of the sensor, and
an encrypted shared secret that the server uses to verify the sensor is an authentic Cisco IPS sensor. The
server manifest contains a list of update files available for each component. For each update file in the
list, the server manifest contains data, such as the update version, type, order, location, file transfer
protocol, and so forth.
There are two types of update files: a full update file that replaces any existing data in the database of
the component, and an incremental update that modifies the existing reputation data by adding, deleting,
or replacing information. When all update files have been applied for all components, the temporary
databases are committed by replacing the working databases.
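
The staging-and-commit behavior described above, as an added Python example (not Cisco's code or the sensor's actual file format). The field names `type`, `order`, `entries` and `changes`, the dict-based database, and the sample scores are assumptions made for illustration; applying files sorted by `order` is likewise assumed from the manifest's "order" field.

```python
import copy

class UpdateError(Exception):
    """Raised when an update file cannot be applied."""

def apply_update(db, update):
    """Apply one update file to a component's temporary database, in place."""
    if update["type"] == "full":
        # A full update replaces any existing data for the component.
        db.clear()
        db.update(update["entries"])
    elif update["type"] == "incremental":
        # An incremental update adds, deletes, or replaces individual entries.
        for op, key, value in update["changes"]:
            if op in ("add", "replace"):
                db[key] = value
            elif op == "delete":
                db.pop(key, None)
            else:
                raise UpdateError(f"unknown operation {op!r}")
    else:
        raise UpdateError(f"unknown update type {update['type']!r}")

def run_update(working, manifest):
    """Stage all update files on temporary copies, then commit.

    Returns (databases, committed). On any failure the original working
    databases are returned untouched, since only the copies were modified.
    """
    temp = copy.deepcopy(working)  # temporary databases
    try:
        for component, updates in manifest.items():
            db = temp.setdefault(component, {})
            for update in sorted(updates, key=lambda u: u["order"]):
                apply_update(db, update)
    except (UpdateError, KeyError):
        return working, False  # applying failed: nothing is committed
    return temp, True  # commit: temporary databases replace the working ones

# Constructed sample data (documentation-range addresses, made-up scores).
WORKING = {"reputation": {"192.0.2.10": -5.0, "198.51.100.7": -2.5}}
MANIFEST = {"reputation": [
    {"order": 2, "type": "incremental",
     "changes": [("delete", "192.0.2.10", None), ("add", "203.0.113.9", -8.0)]},
    {"order": 1, "type": "full", "entries": {"192.0.2.10": -6.0}},
]}

if __name__ == "__main__":
    print(run_update(WORKING, MANIFEST))
```
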
Authentication and authorization are achieved through the secret encryption mechanism and decryption
key management. The Global Correlation Update server authenticates the sensor using the shared secret
encryption mechanism contained in the client manifest. The Global Correlation Update client authorizes
sensors using decryption key management. Sensors that have been authenticated by the Global
Correlation Update server are sent valid keys in the server manifest so that they can decrypt the update
files.
Caution: You receive a warning message if you have enabled global correlation, but you have not configured a
DNS or HTTP proxy server. This warning is a reminder to either disable global correlation or add a DNS
or HTTP proxy server.
For More Information
For the procedure for adding a DNS or proxy server to support global correlation, see Changing Network
Settings, page 4-2.
Error Events
Whenever a global correlation update fails, an evError event is generated. The error message is included
in sensor statistics. The following conditions result in a status message with the severity of Error:
- The sensor is unlicensed
- No DNS or HTTP proxy server is configured
- The manifest exchange failed
- An update file download failed
- Applying or committing the update failed
An evError event is generated with the severity level of Warning if you edit and save either the host or
global correlation configurations so that global correlation is enabled, but no DNS or HTTP proxy
servers are configured.
For More Information
For the procedure for displaying sensor statistics, see Displaying Statistics, page 17-31.