Cisco Anomaly Guard Module Configuration Guide (Software Version 5.1)
Index

Symbols

# (number sign) 12-12

* (wildcard) 3-9, 6-7, 12-12

A

AAA

accounting 4-18

authentication 4-7

authorization 4-15

configuring 4-4

aaa accounting command 4-18

aaa authentication command 4-7

aaa authorization command 4-15

accounting, configuring 4-18

action command 8-31

action flow 12-16

activation

activation-extent command 10-9

activation-interface command 10-5

interface 10-4

method 10-4

sensitivity 10-8

add-service command 8-15

admin privilege level 3-2, 4-8

advertised routes, viewing 5-10, 5-14, 5-19

always-accept 8-33

always-ignore 8-33

analysis protection level 1-7, 8-17

anomaly

detected 12-4

flow 12-12

anomaly detection engine memory usage 13-35, 13-37

anti-spoofing drop statistics 15-11

AP

booting to 2-9

clearing configuration 14-23

clearing passwords 14-23, 14-24

upgrading 14-14

upgrading, inline 14-19

application partition

See AP

arp command 13-38

attack-detection command 10-12

attack report

copying 12-18

detected anomalies 12-4

exporting 12-17, 12-18

exporting automatically 12-18

layout 12-1

malicious packets statistics 12-3

mitigated attacks 12-5

notify 12-12

statistics 12-2

timing 12-2

viewing 12-13, 15-6

attack reports

exporting 14-9

attack statistics 15-7

attack type

client 12-8

malformed packets 12-10

mitigated attack 12-14

user defined 12-9

zombie 12-8, 12-11

authentication, configuring 4-7

authorization

disabling zone command completion 4-18, 6-9

authorization, configuring 4-11, 4-12

auth packet types 8-18

automatic protection mode 10-4

automatic protect mode 1-6, 10-4

B

bad packets to proxy drop statistics 15-10

banner

configuring login 4-41

basic

user filter actions 7-21

basic protection level 1-7, 8-17

Berkeley Packet Filter 7-12

block dynamic filter actions 7-28

block-unauthenticated policy action 8-31

boot command 2-9

burn flash 14-22

bypass filter

command 7-17

configuring 15-6

definition 1-7, 7-2

deleting 7-19

displaying 7-18

C

capture, packets 13-18

caution

symbol overview xxix

CFE 14-15, 14-21, 14-22

clear ap config command 14-23

clear ap password command 14-23, 14-24

clear counters command 3-14, 13-6

clear log command 13-13

CLI

changing prompt 4-33

command shortcuts 3-9

error messages 3-7

getting help 3-8

issuing commands 3-5

TAB completion 3-8

using 3-2

client attack 12-14

client attack mitigated attacks 12-8

command completion 4-18

command line interface

See CLI 3-2

command shortcuts 3-9

comparator 7-4

config privilege level 3-2, 4-8

configuration

file

copying 14-3

exporting 14-4

importing 14-6

viewing 13-2

importing 14-6

saving supervisor engine 2-1

configuration, accessing command mode 4-17

configuration mode 3-3

configure command 3-10

constructing policies 9-6

copy command

packet-dump 13-22

copy commands

ftp running-config 14-6

log 13-9, 13-12

reports 12-18

running-config 6-16, 14-4

zone log 13-12

copy-from-this 6-8

copy login-banner command 4-42

copy-policies command 9-25

copy wbm-logo command 4-44

counters

clearing 3-14, 13-6

history 13-4

counters, viewing 13-4

cpu utilization 13-35

D

DDoS

attack classification 15-7

overview 1-3

deactivate command 9-10, 10-16

deactivating commands 3-6

deactivating protection 10-11

default configuration, returning to 14-23

default-gateway command 3-14

default zone 10-8

description command 6-10

detected

anomalies 12-4

flow 12-16

diff command 9-22, 9-23

disable command 8-11

disabling

automatic export 14-10

distributed denial of service

See DDoS

diversion

command 5-6, 5-7

configuring inline 5-11

configuring out-of-path 5-15

definition 5-2

hijacking 5-5

injection 5-7, 5-20

mechanism 5-4

network configuration 5-2

restoring default values 5-7

troubleshooting 15-2

viewing advertised routes 5-10, 5-14, 5-19

DNS

detected anomalies 12-4

drop statistics 15-10, 15-11

TCP policy templates 8-5

drop

dynamic filter action 7-28

policy action 8-32

statistics 15-8

user filter action 7-21

dropped packets

learning 9-2

drop-statistics command 15-8

dst traffic characteristics 8-19

dynamic filter

1000 and more 7-30

actions 7-20, 7-28

command 7-32, 7-34

deactivating 7-35

definition 1-7

deleting 7-34, 15-5

displaying 7-29, 15-4

displaying events 13-10

inactivating 15-5

overview 7-2, 7-27

preventing production of 7-35

sorting 7-29

terminating 7-36

zone malicious rate 7-36

dynamic privilege level 3-2, 4-8

E

enable

command 4-14, 8-11

password command 4-13

enabling services 4-3

event log

activating 13-9

deactivating 13-9

event monitor command 13-9

export

disabling automatic 14-10

export command 14-9

packet-dump 13-21

reports 12-18

exporting

configuration file 14-4

log file 13-12

reports automatically 12-18

extracting signatures 13-28

F

facility 13-10

file server

configuring 14-2

file-server

command 14-2

configuring 14-2

deleting 14-3

displaying 14-3, 14-11

file server, displaying sync-config 14-11

filter rate

termination threshold 7-36

filters

bypass 1-7, 7-17

dynamic 1-7, 7-2, 7-27

flex-content 1-7, 7-4

overview 7-1

user 1-7, 7-20

filter-termination command 7-36

first-hit 4-22, 4-23

fixed-threshold 8-24

flash-burn command 14-22

flex-content filter

configuring 7-5

default configuration 13-50

definition 1-7, 7-2

displaying 7-14

dropped 15-8

filtering criteria 7-4

renumbering 7-5

fragments

detected anomalies 12-4

policy template 8-5

G

generating signatures 13-28

global mode 3-3

global traffic characteristics 8-19

Guard

configuring multiple 2-11

self protection 13-49

GUARD_DEFAULT 6-3

GUARD_LINK 6-4

GUARD_TCP_NO_PROXY 6-4

GUARD_VOIP 6-4

GUARD configuration, importing 6-16

H

high availability 2-12

host, logging 13-11

host keys

deleting 4-28, 4-29

hostname

changing 4-33

command 4-33

HTTP

detected anomalies 12-4

policy template 8-5

hw-module command 14-14, 14-15, 14-17, 14-19, 14-24

hw-module commands 2-8

hybrid 12-14

I

idle session, configuring timeout 4-46

idle session, displaying timeout 4-46

importing

configuration 14-6

importing GUARD configuration 6-16

incoming TCP drop statistics 15-9

injecting

VRF 5-22

injecting, tunnel 5-25

inline upgrade 14-19

in packet types 8-18

installation

verifying 2-2

interactive

operation mode 11-5

policy status 8-34

interactive protection mode 10-4

interactive protect mode 1-6, 10-4

interactive-status command 8-33

interface

activating 3-10, 3-11

clearing counters 3-14

command 3-11, 3-12, 3-13

configuration mode 3-3

configuring IP address 3-11 to 3-13

loopback 3-13

ip address

modifying, zone 6-12

ip address command

deleting 6-13

excluding 6-11

interface 3-11 to 3-13

zone 6-11, 10-3

ip route command 3-15

IP scan

detected anomalies 12-4

policy template 8-5

IP threshold configuration 8-27

K

key command

add 4-30

generate 4-33

remove 4-31

L

land attack drop statistics 15-11

layer 3 interface

configuring on VLAN 2-6

learning

command 9-8, 9-11

constructing policies 9-6

dropped packets 9-2

overview 9-2

policy-construction command 9-6

synchronizing results 9-5

terminating process 9-8, 9-11

threshold-tuning command 9-9, 9-10

tuning thresholds 9-9

learning accept command 9-7, 9-11

learning parameters, displaying 9-13

learning params

threshold-selection command 9-15

learning-params

deactivating periodic action 9-11

deactivating periodic-action command 9-7

periodic-action command 9-7, 9-11, 9-14

threshold-multiplier command 8-25

threshold-selection command 9-11

threshold-tuned command 6-12, 9-17

learning-params fixed-threshold command 8-24

LINK templates 9-6

load sharing 2-11

log

displaying subzones 10-11

log file

clearing 13-13

exporting 13-9, 13-12

viewing 13-11

logging, viewing configuration 13-11

logging command 13-10

login banner

configuring 4-41

deleting 4-43

importing 4-42

login-banner command 4-41

logo, adding WBM 4-44

logo, deleting WBM 4-46

loopback interface 3-13

M

maintenance partition

See MP

malformed packets 12-14

mitigated attacks 12-10

malformed packets drop statistics 15-12

malicious packets statistics

attack report 12-3

malicious rate termination threshold 7-35

management

overview 3-17

port 2-3, 3-9, 3-11

SSH 3-19

VLAN 2-3

WBM 3-18

max-services command 8-10

memory consumption 13-34

memory usage, anomaly detection engine 13-35, 13-37

MIB, supported 4-2

min-threshold command 8-10

mitigated attacks

client attack 12-8

malformed packets 12-10

overview 12-5

spoofed 12-6

user defined 12-9

monitoring

network traffic 13-21, 13-22

MP

booting to 2-9

upgrading 14-16

upgrading, inline 14-19

mtu command 3-11, 3-12

multiple Guards

configuring 2-11

N

netstat command 13-41

network server

configuring 14-2

deleting 14-3

displaying 14-3, 14-11

network server, displaying sync-config 14-11

no learning command 9-8, 9-11

non DNS drop statistics 15-10

no proxy policy templates 8-7

note

symbol overview xxix

notify 12-12

notify policy action 8-32

ns policy templates 8-7

num_sources packet type 8-18

O

on-demand 10-3

other protocols

detected anomalies 12-4

policy template 8-5

other protocols drop statistics 15-9

out_pkts packet types 8-18

outgoing TCP drop statistics 15-9

P

packet-dump

auto-capture command 13-17

automatic

activating 13-15

deactivating 13-17

displaying settings 13-17

exporting 13-21, 13-22, 14-9

signatures 13-29

packet-dump command 13-18

packets, capturing 13-18

password

changing 4-9

enabling 4-13

encrypted 4-9

recovering 14-23, 14-24

password, recovering 14-24

pending dynamic filters 11-2

displaying 11-4, 11-8

periodic action

accepting policies automatically 9-7, 9-11

deactivating 9-7, 9-11

permit

command 3-18, 3-19, 4-3

user filter action 7-21

permit ssh command 4-29

ping command 13-46

pkts packet type 8-18

policy

action 8-21, 8-31, 8-32

activating 8-21

adding services 8-14

backing up current 8-39, 9-21, 9-27

command 8-20

configuration mode 3-4

constructing 1-5, 8-4, 9-3, 9-6

copying parameters 9-25

copy-policies 9-25

deleting services 8-15

disabling 8-21

inactivating 8-21

learning-params, fixed-threshold command 8-24

marking as tuned 6-12, 9-17

marking threshold as fixed 8-24

multiplying thresholds 8-26, 15-4, 15-5

navigating path 8-20

packet types 8-17

proxy threshold 8-29

show statistics 8-36

state 8-21

structure 8-2

threshold 8-4, 8-21, 8-23

threshold-list command 8-27

timeout 8-21, 8-29

traffic characteristics 8-19

tuning thresholds 1-5, 8-4, 9-3, 9-9

using wildcards 8-21, 8-35, 8-37

viewing 15-4

viewing statistics 9-12

policy set-timeout command 8-30

policy template

command 8-8, 8-9, 8-11

configuration command level 8-9

configuration mode 3-4

displaying list 8-8

max-services 8-10

min-threshold 8-10

overview 8-4, 8-13

parameters 8-8

state 8-11

policy-template add-service command 8-15

policy-template remove service command 8-15

port

data 3-9, 3-11

management 3-9, 3-11

port scan

detected anomalies 12-4

policy template 8-5

power enable command 2-9

privilege levels 3-2

assigning passwords 4-13

moving between 4-14

protect

activating 3-16

automatic mode 1-6, 10-4

command 10-14

deactivating 10-16

deactivating automatically 10-11

entire zone 10-14

inactivity timeout 10-11

interactive mode 1-6, 10-4

on-demand 10-3

specific IP 10-15

specific ip address 10-15

specific zone IP 10-14

specific zone ip address 10-14

protect command 10-16

protection

activation sensitivity 10-8

protection-end-timer command 10-11

protection level

analysis 1-7, 8-17

basic 1-7, 8-17

strong 1-8, 8-17

protection levels

overview 8-17

protect learning command 9-9

protect-packet command 10-8

protocol traffic characteristics 8-19

proxy

command 3-17

configuring 3-16

no proxy policy templates 8-7

proxy-threshold command 8-29

public-key

displaying 4-32

R

rate-limit command 6-10, 7-17

Rate Limiter

dropped 15-8

rates

history 13-4

rates, viewing 13-4

reactivate-zones 14-11

rebooting

parameters 14-11

recommendations

accepting 11-10

activating 11-5, 11-9

change decision 8-33

command 11-9

deactivating 11-4, 11-11

displaying 11-2

ignoring 11-10

overview 11-2

receiving notification 11-2

viewing 11-5

viewing pending-filters 11-4, 11-8

redirect/zombie

dynamic filter action 7-28

policy action 8-32

redundancy 2-11, 2-12

reload command 14-11

remove service command 8-15

renumbering flex-content filters 7-5

renumbering user filters 7-22

replied packets 12-3

report

See attack report 12-1

reports

details 12-13

displaying subzones 10-11

exporting 14-9

reqs packet type 8-18

reset command 2-8

router configuration mode 3-3

routing table

manipulation 3-15

viewing 3-16

RTP/RTCP 6-4

running-config

copy 6-16, 14-4, 14-6

show 13-2

S

self-protection command 13-49

service

adding 8-14

command 3-18, 4-3

copy 9-25

deleting 8-15

permissions 4-3

snmp-trap 4-34

wbm 3-18

services

enabling 4-3

session, configuring timeout 4-46

session, displaying idle timeout 4-46

session timeout, disabling 4-46

session-timeout command 4-46

set-action 8-32

show commands

counters 13-4

cpu 13-35

diagnostic-info 13-33

drop-statistics 15-8

dynamic-filters 7-29, 15-4

file-servers 14-3, 14-11

flex-content-filter 7-14

host-keys 4-29

learning parameters 9-13

learning-params 8-24

log 13-11

log export-ip 13-11

logging 13-11

login-banner 4-42

memory 13-35

module 2-2, 14-14, 14-17

packet-dump 13-17

packet-dump signatures 13-29

policies 8-35, 15-3, 15-4

policies statistics 8-36, 9-12

public-key 4-32

rates 13-4, 15-1

recommendations 11-6, 11-7

recommendations pending-filters 11-4, 11-8

reports 15-6

reports details 12-13

running-config 13-2

show 13-3

sorting dynamic-filters 7-29

sync-config file-servers 14-11

templates 6-7

zone policies 8-35

show privilege level 3-2, 4-9

show public-key command 4-33

shutdown command 3-11

signature

generating 13-28

SIP

detected anomalies 12-5

drop statistics 15-11

malformed packets 12-11

policy template 8-6

spoofed attacks 12-8

user filter action 7-21

zone template 6-4

snapshot

backing up policies 8-39, 9-21, 9-27

command 9-20

comparing 9-22

deleting 9-25

displaying 9-23

saving 9-20, 9-21

snapshot command 9-19

snapshots

save periodically 9-14

SNMP

accessing 4-2

configuring trap generator 4-34

traps description 4-36

snmp commands

community 4-40

trap-dest 4-34

specific IP threshold 8-27

spoofed attack 12-14

spoofed attacks 12-6

src traffic characteristics 8-19

SSH

configuring 3-19

deleting keys 4-31

generating key 4-33

service 3-19

state command 8-21, 15-5

static route

adding 3-15

strong

dynamic filter action 7-28

policy action 8-31

protection level 1-8, 8-17

user filter action 7-22

sub zone 10-9, 10-10

subzone

displaying logs and attack reports 10-11

supervisor engine

booting 2-9

configuring 2-1

configuring VLANs 2-4

powering off 2-9

resetting 2-8

saving configuration 2-1

shutting down 2-8

verifying configuration 2-10

supervisor module

supported versions 14-12

syn_by_fin packet type 8-18

syns packet type 8-18

syslog

configuring export parameters 13-10

configuring server 13-11

message format 13-10

system log

message format 13-10

T

TACACS+

authentication

key generate command 4-26, 4-29

clearing statistics 4-24

configuring search 4-22

configuring server 4-19

server connection timeout 4-23

server encryption key 4-21

server IP address 4-21

viewing statistics 4-24

tacacs-server commands

clear statistics 4-24

first-hit 4-20, 4-22, 4-23

host 4-20, 4-21

key 4-20, 4-21

show statistics 4-24

timeout 4-20, 4-23

TCP

detected anomalies 12-4

drop statistics 15-9, 15-11

no proxy policy templates 8-7

policy templates 8-5

templates

LINK 9-6

viewing policies 6-7

zone 6-3

thresh-mult 8-26, 15-4, 15-5

threshold

command 8-23

configuring IP threshold 8-27

configuring list 8-27

configuring specific IP 8-27

filter rate termination 7-36

malicious rate termination 7-35

marking as tuned 6-12, 9-17

multiplying 15-4, 15-5

multiplying before accepting 8-25

selection 9-20

setting as fixed 8-24

tuning 1-5, 9-3

threshold-list command 8-27

threshold selection 9-11

threshold tuning

save results periodically 9-14

timeout command 8-29

timeout session, configuring 4-46

timeout session, disabling 4-46

timesaver

symbol overview xxix

tip

symbol overview xxix

to-user-filters

dynamic filter action 7-28

policy action 8-31

traceroute command 13-44

traffic

monitoring 13-21, 13-22

trap 13-10

trap-dest 4-34

tuning policy thresholds 9-9

U

UDP

detected anomalies 12-5

drop statistics 15-10

policy templates 8-6

unauthenticated drop statistics 15-9

unauth_pkts packet type 8-18

unauthenticated TCP detected anomalies 12-5

upgrade command 14-24

upgrading

AP 14-14

inline 14-19

MP 14-16

user

detected anomalies 12-5

user defined mitigated attacks 12-9

user filter

actions 7-20, 7-21, 7-28

command 7-5, 7-22, 7-23

configuring 7-20

definition 1-7, 7-2

deleting 7-27

displaying 7-25

renumbering 7-22

username

encrypted password 4-9

username command 4-8

users

adding 4-8

adding new 4-8

assigning privilege levels 4-7

deleting 4-11

privilege levels 3-2, 4-12

system users

admin 2-7

riverhead 2-7

username command 4-8

V

version, upgrading 14-24

VLAN

administrative 2-5

assigning 2-5

configuring 3-12

configuring layer 3 interface 2-6

configuring on supervisor engine 2-4

Voice over IP

See VoIP

VoIP

detected anomalies 12-5

drop statistics 15-11

malformed packets 12-11

policy template 8-6

spoofed attacks 12-8

user filter action 7-21

zone template 6-4

VPN Routing and Forwarding

See VRF

VRF, configuring injection 5-22

W

WBM

activating 3-18

WBM logo

adding 4-44

deleting 4-46

X

XML schema 12-18 to 12-21, 13-21, 14-10

Z

zombie 12-14

packet counter 13-5

zombie attack 12-16

zone

blocking criteria 15-4

blocking flows 15-2

clearing counters 13-6

command 6-6, 6-8, 11-5

command completion 4-18, 6-9

comparing 9-23

configuration mode 3-4, 6-9

copying 6-8

creating 6-6

creating default 10-8

defining IP address 6-11

definition 1-3, 6-2

deleting 6-7

deleting IP address 6-13

duplicating 6-8

excluding IP address 6-11

IP address 6-11

learning 9-2

LINK templates 9-6

malicious rate 10-12

modifying IP address 6-12

operation mode 6-7

protecting 10-2

reconfiguring 6-9

sub 10-9, 10-10

synchronize configuration 6-13

synchronizing offline 6-15

templates 6-3

viewing configuration 6-11

viewing policies 8-34

viewing status 13-3

zone-malicious-rate 7-36

zone policy

marking as tuned 6-12, 9-17

zone protection

terminating 10-11, 10-16