Index
A
accessing IPS software 12-1
access list misconfiguration C-6
ACLs
explaining 8-2
Post-Block 8-14, 8-15
Pre-Block 8-14, 8-15
Active Host Blocks panel
button functions 8-27
configuring 8-28
described 8-26
field descriptions 8-27
user roles 8-27
active update bulletins 12-11
Add/Clone/Edit Signature dialog boxes
button functions 5-7
field descriptions 5-7
icon descriptions 5-7
Add/Edit Allowed Host dialog boxes
button functions 2-5
field definitions 2-5
Add/Edit Authorized Key dialog boxes
button functions 2-9
field definitions 2-9
Add/Edit Blocking Device dialog boxes
button functions 8-12
field descriptions 8-12
Add/Edit IP Logging dialog boxes
button functions 11-4
field descriptions 11-4
Add/Edit Known Host Key dialog boxes
button functions 2-12
field definitions 2-12
Add/Edit Never Block Address dialog boxes
button functions 8-6
field descriptions 8-6
Add/Edit Signature Variable dialog boxes
button functions 5-3
field descriptions 5-3
Add/Edit Target Value Rating dialog boxes
button functions 7-9
field descriptions 7-9
Add/Edit User dialog boxes
button functions 2-26
field definitions 2-26
Add Trusted Host dialog box
button functions 2-16
field descriptions 2-16
Administrators privileges A-28
Advanced Alert Behavior Wizard
Alert Dynamic Response Fire All window
button functions 6-20
field descriptions 6-20
Alert Dynamic Response Fire Once window
button functions 6-21
field descriptions 6-21
Alert Dynamic Response Summary window
button functions 6-19
field descriptions 6-19
Alert Summarization window
button functions 6-19
field descriptions 6-19
Event Count and Interval window
button functions 6-18
field descriptions 6-18
Global Summarization window
button functions 6-21
field descriptions 6-21
advisory for cryptographic products 1-1
AIC.FTP engine parameters (table) B-8
AIC.HTTP engine parameters (table) B-7
AIC engine
AIC.FTP B-6
AIC.HTTP B-6
defined B-6
features B-6
AIP-SSM
recovering C-45
resetting C-45
time sources 2-20
alarm channel described A-25
Allowed Hosts panel
button functions 2-5
configuring 2-6
described 2-4
field definitions 2-5
user roles 2-5
analysis engine
described 4-1
global variables 4-4
virtual sensor 4-1
Analysis Engine busy IDM exits C-37
appliances and time sources 2-19
application partition described A-3
applications XML format A-2
applying software updates C-31
ASDM
certificates 1-13
described A-4
TLS/SSL 1-13
assigning interfaces to the virtual sensor 4-3
ATOMIC.ARP engine
described B-9
parameters (table) B-9
ATOMIC.IP engine
described B-9
parameters (table) B-9
attack severity rating see SFR
AuthenticationApp
authenticating users A-21
described A-3
login attempt limit A-20
method A-20
responsibilities A-20
secure communications A-21
sensor configuration A-20
Authorized Keys panel
button functions 2-8
configuring 2-9
described 2-7
field definitions 2-8
RSA authentication 2-7
RSA key generation tool 2-9
user roles 2-8
automatic updates
Cisco.com 10-4
described C-32
servers
FTP 10-4
SCP 10-4
Auto Update panel
button functions 10-5
configuring 10-5
described 10-4
field descriptions 10-5
user roles 10-5
B
back door Trojan BO2K B-34
BackOrifice protocol B-34
blocking
disabling 8-5
explaining 8-1
master blocking sensor 8-23
necessary information 8-2
prerequisites 8-3
supported devices 8-3
types 8-1
Blocking Devices panel
button functions 8-11
configuring 8-12
described 8-11
field descriptions 8-11
ssh host-key command 8-12, 8-28, 8-31
user roles 8-11
blocking not occurring for signature C-21
Blocking Properties panel
button functions 8-5
configuring 8-6
described 8-4
field descriptions 8-5
user roles 8-5
bypass mode
described 3-10
function 3-1
understanding 3-10
Bypass mode described A-3
Bypass panel
button functions 3-11
field descriptions 3-11
user roles 3-11
C
cannot access sensor C-4
Cat 6K Blocking Device Interfaces panel
button functions 8-20
configuring 8-21
described 8-19
field descriptions 8-20
user roles 8-20
VACLs
Post-Block 8-19
Pre-Block 8-19
certificates
Internet Explorer 1-14
Mozilla 1-16
Netscape 1-16
changing the memory
Java Plug-in on Linux 1-3, C-35
Java Plug-in on Solaris 1-3, C-35
Java Plug-in on Windows 1-3, C-35
CIDEE
defined A-35
example A-35
IPS extensions A-35
protocol A-35
supported IPS events A-35
Cisco.com
accessing software 12-1
Active Update Bulletins 12-11
downloading software 12-1
IPS software 12-1
software downloads 12-1
Cisco Security Center
described 12-12
URL 12-12
Cisco Services for IPS
service contract 12-7
supported products 12-7
clear events command 2-24, C-66
clearing
events C-66
statistics C-53
CLI behavior
case sensitivity A-31
described A-30
display options A-31
help A-30
prompts A-30
recall A-30
tab completion A-30
CLI described A-3, A-28
commands
clear events 2-24, C-66
copy license-key 12-9
debug module-boot C-45
hw-module module 1 reset C-45
setup 1-5
show events C-63
show module 1 details C-44
show statistics C-53
show statistics virtual-sensor C-53
show tech-support C-47
show version C-50
Configure Summertime dialog box
button functions 2-22
field definitions 2-22
configuring
active host blocks 8-28
blocking devices 8-12
blocking properties 8-6
Cat 6K blocking device interfaces 8-21
device login profiles 8-10
event action filters 7-19
event action overrides 7-13
event action rules general settings 7-22
events 7-24
event variables 7-7
interface pairs 3-9
interfaces 3-7
IP logging 11-5
master blocking sensor 8-24
network blocks 8-31
router blocking device interfaces 8-18
SNMP 9-3
SNMP traps 9-5
target value rating 7-10
traffic flow notifications 3-12
TVR 7-10
control transactions
characteristics A-8
request types A-8
copy license-key command 12-9
correcting time on the sensor 2-24
creating
custom signatures
not using signature engines 6-2
using signature engines 6-1
cryptographic products and IDM 1-1
CtlTransSource
described A-2, A-11
illustration A-11
Ctrl-N A-30
Ctrl-P A-30
Custom Signature Wizard
Alert Behavior window button functions 6-17
Alert Response window
button functions 6-17
field descriptions 6-17
Atomic IP Engine Parameters window
button functions 6-6
field descriptions 6-6
described 6-1
ICMP Traffic Type window
button functions 6-14
field descriptions 6-14
Inspect Data window
button functions 6-16
field descriptions 6-16
MSRPC Engine Parameters window
button functions 6-8
field descriptions 6-8
no signature engine sequence 6-2
Protocol Type window
button functions 6-5
field descriptions 6-5
Service HTTP Engine Parameters window
button functions 6-7
field descriptions 6-7
Service RPC Engine Parameters window
button functions 6-9
field descriptions 6-9
Service Type window
button functions 6-16
field descriptions 6-16
signature engine sequence 6-1
Signature Identification window
button functions 6-5
field descriptions 6-5
State Engine Parameters window
button functions 6-10
field descriptions 6-10
String ICMP Engine Parameters window
button functions 6-11
field descriptions 6-11
String TCP Engine Parameters window
button functions 6-11
field descriptions 6-11
String UDP Engine Parameters window
button functions 6-12
field descriptions 6-12
Sweep Engine Parameters window
button functions 6-13
field descriptions 6-13
TCP Sweep Type window
button functions 6-16
field descriptions 6-16
TCP Traffic Type window
button functions 6-15
field descriptions 6-15
UDP Sweep Type window
button functions 6-15
field descriptions 6-15
UDP Traffic Type window
button functions 6-14
field descriptions 6-14
user roles 6-3
Welcome window
button functions 6-4
field descriptions 6-4
D
data structures examples A-8
DDOS protocol B-34
debug-module-boot command C-45
defaults restoring 10-6
denied attackers
clearing list 11-2
hit count 11-1
resetting hit counts 11-2
Denied Attackers panel
button functions 11-2
described 11-1
field descriptions 11-2
user roles 11-1
using 11-2
device access issues C-18
Device Login Profiles panel
button functions 8-8
configuring 8-10
described 8-7
field descriptions 8-8
user roles 8-8
diagnostics report 10-13
Diagnostics Report panel
button functions 10-13
described 10-13
user roles 10-13
using 10-13
disabling blocking 8-5
disaster recovery C-2
displaying
events C-64
statistics C-53
tech support information C-47
version C-50
downloading software 12-1
duplicate IP addresses C-7
E
enabling debug logging C-23
Encryption Software Export Distribution Authorization 12-2
event action filters
configuring 7-19
understanding 7-3
Event Action Filters panel
button functions 7-15
configuring 7-19
described 7-15
field descriptions 7-15
user roles 7-15
event action overrides
configuring 7-13
understanding 7-2
Event Action Overrides panel
button functions 7-11
configuring 7-13
described 7-11
field descriptions 7-11
user roles 7-11
event action rules
example 7-4
functions 7-1
understanding 7-1
Events panel
button functions 7-23
configuring 7-24
described 7-23
field descriptions 7-23
user roles 7-23
Event Store
clearing events 2-24
data structures A-8
described A-2
examples A-7
responsibilities A-7
timestamp A-7
event types C-63
event variables
configuring 7-7
example 7-6
Event Variables panel
button functions 7-6
configuring 7-7
described 7-5
field descriptions 7-6
user roles 7-6
F
FLOOD.HOST engine parameters (table) B-10
FLOOD.NET engine parameters (table) B-10
FLOOD engine described B-10
G
general settings described 7-21
General Settings panel
configuring 7-22
user roles 7-21
generating a diagnostics report 10-13
Global Variables panel
button functions 4-4
described 4-4
field definitions 4-4
user roles 4-4
H
H.225.0 protocol B-17
H.323 protocol B-17
H225 engine
ASN.1PER validation B-18
described B-17
features B-18
parameters (table) B-18
TPKT validation B-18
help
question mark A-30
using A-30
HTTP deobfuscation
ASCII normalization B-19
described B-19
hw-module module 1 reset command C-45
I
IDAPI A-31
communications A-3, A-31
described A-3
functions A-31
illustration A-31
responsibilities A-31
IDCONF
described A-4, A-34
example A-34
RDEP2 A-34
XML A-34
IDIOM
defined A-34
messages A-34
IDM
advisory 1-1
certificates 1-13
cookies 1-13
cryptographic products 1-1
error message Analysis Engine is busy C-37
GUI 1-2
introducing 1-2
Java Plug-in 1-3, C-34
logging in 1-11, 1-12
memory 1-3, C-34
prerequisites 1-11
system requirements 1-2
TLS/SSL 1-13
user interface 1-2
validating
Internet Explorer certificate fingerprints 1-14
Mozilla certificate fingerprints 1-16
Netscape certificate fingerprints 1-16
Web browsers 1-2
will not load clear Java cache C-36
IDSM-2 and time sources 2-19
IDSM-2 command and control port C-42
IDSM-2 not online C-42
initialization verifying 1-10
initializing the sensor 1-4, 1-5, 2-1
inline mode
explaining 3-1
understanding 3-2
inline pairs explaining 3-1
installing
license key 12-10
sensor license 1-19, 10-3, 12-8
InterfaceApp described A-2
interface pairs
configuring 3-9
explaining 3-8
Interface Pairs panel
button functions 3-8
configuring 3-9
described 3-8
field descriptions 3-8
user roles 3-8
interfaces configuring 3-7
Interfaces panel
button functions 3-5
configuring 3-7
described 3-4
field descriptions 3-5
user roles 3-5
interface support (table) 3-3
Internet Explorer validating certificate fingerprints 1-14
IP logging
event actions 11-3
explaining 11-2
system performance 11-3
IP Logging panel
button functions 11-4
configuring 11-5
described 11-3
field descriptions 11-4
user roles 11-3
IP logs
circular buffer 11-2
states 11-2
TCPDump 11-3
viewing 11-5
Wireshark 11-3
IPS
external communications A-32
internal communications A-31
IPS applications
summary A-37
table A-37
XML format A-2
IPS data
types A-8
XML document A-8
IPS events
listed A-9
types A-9
IPS software
application list A-2
available files 12-1
configuring device parameters A-4
directory structure A-36
Linux OS A-1
new features A-3
obtaining 12-1
platform-dependent release examples 12-5
retrieving data A-5
security features A-5
tuning signatures A-5
updating A-5
user interaction A-4
versioning scheme 12-3
J
Java Plug-in
Linux 1-3, C-35
Solaris 1-3, C-35
Windows 1-3, C-35
K
Known Host Keys panel
button functions 2-11
configuring 2-12
described 2-10
field definitions 2-11
user roles 2-11
L
license key
installing 12-10
status 12-7
trial 12-6
licensing
described 12-6
explaining 1-17, 10-1
IPS device serial number 1-17, 10-1, 12-6
Licensing pane
configuring 12-8
described 12-6
Licensing panel
button functions 1-18, 10-2
configuring 1-19, 10-3, 12-8
described 1-17, 10-1
field descriptions 1-18, 10-2
user roles 1-18, 10-2
LogApp
described A-2, A-19
functions A-19
syslog messages A-20
logging in to IDM 1-12
LOKI protocol B-34
M
MainApp A-6
applications A-6
described A-2
host statistics A-6
responsibilities A-6
show version command A-6
maintenance partition described A-3
manual block to bogus host C-20
master blocking sensor
blocking forward sensors 8-23
described 8-23
Master Blocking Sensor panel
button functions 8-23
configuring 8-24
described 8-23
field descriptions 8-23
user roles 8-23
MASTER engine
alert frequency B-4
alert frequency parameters (table) B-5
defined B-3
general parameters (table) B-4
promiscuous delta B-3
universal parameters B-3
MBS not set up properly C-22
memory and IDM 1-3, C-34
META engine
described B-11
parameters (table) B-11
Miscellaneous panel
button functions 5-18
configuring
application policy 5-19
IP fragment reassembly 5-20
IP logging 5-20
TCP stream reassembly 5-20
described 5-17
field descriptions 5-18
user roles 5-18
modes
bypass 3-1, 3-10
inline 3-1, 3-2
promiscuous 3-1
monitoring
events 7-24
Viewer privileges A-28
Mozilla validating certificate fingerprints 1-16
N
Netscape validating certificate fingerprints 1-16
Network Access Controller
ACLs 8-14, A-14
authentication A-15
blocking
connection-based A-17
unconditional blocking A-17
blocking application 8-1
block response A-13
Catalyst 6000 series switch
VACL commands A-19
VACLs A-19
Catalyst switches
VACLs A-16
VLANs A-16
checking status 8-2
described A-2
devices supported 8-3
features A-13
firewalls
AAA A-18
connection blocking A-18
NAT A-18
network blocking A-18
postblock ACL A-16
preblock ACL A-16
shun command A-18
TACACS+ A-18
functions 8-1, A-12
illustration A-12
interfaces A-14
maintaining states A-16
managed devices 8-4
master blocking sensors A-14
nac.shun.txt file A-16
NAT addressing A-15
number of blocks A-15
postblock ACL A-16
preblock ACL A-16
responsibilities A-12
single point of control A-15
SSH A-13
supported devices A-15
Telnet A-13
VACLs A-14
Network Blocks panel
button functions 8-30
configuring 8-31
described 8-29
field descriptions 8-30
user roles 8-30
Network panel
button functions 2-2
configuring 2-3
described 2-2
field definitions 2-2
TLS/SSL 2-3
user roles 2-2
Network Timing Protocol see NTP
never block
hosts 8-4
networks 8-4
NM-CIDS and time sources 2-20
NORMALIZER engine
described B-12
IP fragment reassembly B-12
parameters (table) B-13
TCP stream reassembly B-12
NotificationApp
alert information A-9
described A-2
functions A-9
SNMP gets A-9
SNMP traps A-9
statistics A-11
system health information A-10
NTP
explaining 2-19
time synchronization 2-19
O
Operators privileges A-28
output
clearing current line A-31
displaying A-31
P
partitions
application A-3
maintenance A-3
recovery A-3
passwords and the service account 1-5
PEP described A-4
physical connectivity issues C-10
Post-Block ACLs 8-14, 8-15
Pre-Block ACLs 8-14, 8-15
prerequisites for blocking 8-3
promiscuous mode described 3-1
prompts and the default input A-30
Q
Q.931 protocol
described B-17
SETUP messages B-17
R
RDEP2 A-32
described A-3
functions A-32
messages A-32
responsibilities A-32
rebooting the sensor 10-8
Reboot Sensor panel
button functions 10-8
configuring 10-8
described 10-8
user roles 10-8
recall
help and tab completion A-30
using A-30
recovering AIP-SSM C-45
recovery partition described A-3
reset not occurring for a signature C-29
resetting AIP-SSM C-45
Restore Defaults panel
button functions 10-7
configuring 10-7
described 10-6
user roles 10-7
restoring defaults 10-7
retrieving events through RDEP2 (illustration) A-32
risk rating see RR
Router Blocking Device Interfaces panel
button functions 8-16
configuring 8-18
described 8-15
field descriptions 8-16
user roles 8-16
RPC portmapper B-24
RR
calculating 7-2
described A-3
example 7-5
S
SDEE
defined A-35
HTTP A-35
protocol A-35
SDEE Server requests A-35
SEAF
described A-25
parameters A-25
SEAO described A-25
SEAP
alarm channel A-25
components A-25
described A-23
flow of signature events A-25
function A-25
illustration A-25
security information and Cisco Security Center 12-12
sending commands through RDEP2 (illustration) A-33
sensor
blocking itself 8-4
diagnostics report 10-13
initializing 2-1
license 1-19, 10-3, 12-8
rebooting 10-8
restoring defaults 10-7
setting up 2-1
shutting down 10-9
statistics 10-15
system information 10-16
updating 10-5, 10-11
SensorApp
Alarm Channel A-24
Analysis Engine A-24
described A-3
event action filtering A-27
hold down timer A-27
inline packet processing A-26
IP normalization A-27
new features A-26
packet flow A-24
processors A-23
responsibilities A-23
RR A-27
SEAP A-23
TCP normalization A-27
Sensor Key panel
button functions 2-14
described 2-13
field descriptions 2-14
sensor SSH key
displaying 2-14
generating 2-14
user roles 2-14
sensor not seeing packets C-13
sensor process not running C-8
sensors
initializing 1-4, 1-5, 2-1
interface support 3-3
license 12-8
NTP time synchronization 2-19
partitions A-3
recovering the system image 12-6
reimaging 12-6
setup command 1-4, 1-5, 2-1
time sources 2-19
Server Certificate panel
button functions 2-17
certificate
displaying 2-18
generating 2-18
described 2-17
field descriptions 2-17
user roles 2-17
SERVICE.DNS engine
described B-14
parameters (table) B-14
SERVICE.FTP engine
described B-15
parameters (table) B-16
SERVICE.GENERIC engine
described B-16
parameters (table) B-16
SERVICE.HTTP engine
described B-19
parameters (table) B-20
SERVICE.IDENT engine
described B-21
parameters (table) B-21
SERVICE.MSRPC engine
DCS/RPC protocol B-22
described B-22
SERVICE.MSSQL engine
described B-23
MS SQL protocol B-23
parameters (table) B-23
SERVICE.NTP engine
described B-23
parameters (table) B-23
SERVICE.RPC engine
described B-24
parameters (table) B-24
RPC portmapper B-24
SERVICE.SMB engine
described B-24
parameters (table) B-25
SERVICE.SNMP engine
described B-26
parameters (table) B-27
SERVICE.SSH engine
described B-27
parameters (table) B-27
service account
described A-29
privileges A-29
TAC A-29
troubleshooting A-29
Service privileges A-29
service role 2-25, A-29
setting up the sensor 2-1
setup command 1-4, 1-5, 2-1
SFR
described 7-2
show events command C-63
show events command described C-63
show interfaces command C-61
show module 1 details command C-44
show statistics command C-52, C-53
show statistics virtual-sensor command C-53
show tech-support command C-47
described C-47
output C-48
show version command C-50
described C-50
Shut Down Sensor panel
button functions 10-9
configuring 10-9
described 10-9
user roles 10-9
shutting down the sensor 10-9
Signature Configuration panel
assigning actions 5-16
button functions 5-6
described 5-5
field descriptions 5-6
signatures
activating 5-15
adding 5-11
cloning 5-12
disabling 5-15
enabling 5-15
retiring 5-15
tuning 5-14
user roles 5-5
signature engines
AIC B-7
ATOMIC B-8
ATOMIC.ARP B-9
ATOMIC.IP B-9
creating custom signatures 6-1
defined B-1
event actions B-5
FLOOD B-10
FLOOD.HOST B-10
FLOOD.NET B-10
H225 B-17
list B-1
META B-11
NORMALIZER B-12
SERVICE.DNS B-14
SERVICE.FTP B-15
SERVICE.GENERIC B-16
SERVICE.HTTP B-19
SERVICE.IDENT B-21
SERVICE.MSRPC B-22
SERVICE.MSSQL B-23
SERVICE.NTP engine B-23
SERVICE.RPC B-24
SERVICE.SMB B-24
SERVICE.SNMP B-26
SERVICE.SSH engine B-27
STATE B-28
STRING B-29
SWEEP B-31
TRAFFIC.ICMP B-33
TROJAN B-34
TROJAN.BO2K B-34
TROJAN.TFN2K B-34
TROJAN.UDP B-34
Signature Event Action Processor see SEAP
signature fidelity rating see SFR
signatures
custom 5-2
default 5-1
explaining 5-1
false positives 5-1
subsignatures 5-1
tuned 5-1
signature variables described 5-2
Signature Variables panel
button functions 5-3
configuring 5-3
field descriptions 5-3
user roles 5-2
SNMP
configuring 9-3
Get 9-1
GetNext 9-1
Set 9-1
Trap 9-1
understanding 9-1
SNMP General Configuration panel
button functions 9-2
configuring 9-3
described 9-2
field descriptions 9-2
user roles 9-2
SNMP traps
configuring 9-5
understanding 9-1
SNMP Traps Configuration panel
button functions 9-4
configuring 9-5
described 9-4
field descriptions 9-4
user roles 9-4
software architecture
IDAPI (illustration) A-31
Network Access Controller (illustration) A-13
RDEP2 (illustration) A-33
software downloads Cisco.com 12-1
SPAN port issues C-10
SSH described 2-7
SSH Server
private keys A-21
public keys A-21
STATE engine
Cisco Login B-28
described B-28
LPR Format String B-28
parameters (table) B-28
SMTP B-28
Statistics panel
button functions 10-15
described 10-14
user roles 10-14
using 10-15
statistics viewing 10-15
STRING.ICMP engine parameters (table) B-30
STRING.TCP engine parameters (table) B-30
STRING.UDP engine parameters (table) B-31
STRING engine described B-29
summarization
Engine.META 7-3
explaining 7-3
Fire All 7-4
Fire Once 7-4
Global Summarization 7-4
Summary 7-4
SWEEP engine
described B-31
parameters (table) B-32
switch commands for troubleshooting C-39
syntax case sensitivity A-31
system architecture
directory structure A-36
supported platforms A-1
system components for IDAPI A-32
system design (illustration) A-1
system information
viewing 10-16
System Information panel
button functions 10-16
described 10-15
user roles 10-16
using 10-16
system requirements for IDM 1-2
T
tab completion using A-30
TAC
service account A-29
show tech-support command C-47
target value rating
configuring 7-10
Target Value Rating panel
button functions 7-9
configuring 7-10
field descriptions 7-9
user roles 7-8
target value rating see TVR
TCP reset interface conditions 3-4
TFN2K protocol B-33
time correction on the sensor 2-24
Time panel
button functions 2-21
configuring 2-23
described 2-18
field definitions 2-21, 2-22
user roles 2-21
time sources
AIP-SSM 2-20
appliances 2-19
IDSM-2 2-19
NM-CIDS 2-20
TLS
certificates 1-13
explaining 1-13, 2-3
handshaking 1-14
TRAFFIC.ICMP engine
DDOS B-33
described B-33
LOKI B-33
parameters (table) B-34
TFN2K B-33
traffic flow notifications configuring 3-12
Traffic Flow Notifications panel
button functions 3-12
configuring 3-12
described 3-11
field descriptions 3-12
user roles 3-12
Transport Layer Security see TLS
trial license key 12-6
Tribe Flood Net 2000 protocol B-33
TROJAN.BO2K engine described B-34
TROJAN.TFN2K engine described B-34
TROJAN.UDP engine described B-34
TROJAN engine
BO2K B-34
described B-34
TFN2K B-34
troubleshooting
accessing files on FTP site C-67
access list misconfiguration C-6
AIP-SSM
commands C-44
debugging C-45
recovering C-45
reset C-45
Analysis Engine busy C-37
applying software updates C-31
automatic update C-32
blocking not occurring for signature C-21
cannot access sensor C-4
cidDump script C-67
cidLog messages to syslog C-28
communication C-4
corrupted SensorApp configuration C-14
debug logger zone names (table) C-27
device access issues C-18
disaster recovery C-2
duplicate IP address C-7
enabling debug logging C-23
faulty DIMMs C-15
gathering information C-46
IDM cannot access sensor C-37
IDM will not load C-36
IDSM-2
command and control port C-42
diagnosing problems C-39
not online C-42
serial cable C-44
switch commands C-39
TCP reset port C-44
manual block to bogus host C-20
MBS not set up properly C-22
NTP C-29
physical connectivity issues C-10
preventive maintenance C-1
reset not occurring for a signature C-29
sensor events C-63
sensor not seeing packets C-13
sensor process not running C-8
show events command C-62
show interfaces command C-61
show statistics command C-52
show tech-support command C-47
show tech-support command output C-48
show version command C-50
software upgrade
IDS-4235 C-31
IDS-4250 C-31
on sensor C-33
software upgrades C-31
SPAN port issue C-10
unable to see alerts C-11
uploading files to FTP site C-67
using debug logging C-23
Trusted Hosts panel
button functions 2-15
configuring 2-16
described 2-15
field descriptions 2-15
user roles 2-15
TVR
configuring 7-10
described 7-2
explaining 7-8
U
understanding
bypass mode 3-10
SSH 2-7
time on the sensor 2-19
Update Sensor panel
button functions 10-10
configuring 10-11
described 10-10
field descriptions 10-10
user roles 10-10
updating
Cisco.com 10-10
FTP server 10-10
updating the sensor 10-11
upgrading
4.1 to 5.0 12-5
minimum required version 12-5
URLs for Cisco Security Center 12-12
user roles
Administrator A-28
Operator A-28
Service A-28
Viewer A-28
Users panel
button functions 2-26
configuring 2-27
description 2-25
field definitions 2-26
user roles 2-25, 2-26
using
debug logging C-23
TCP reset interface 3-4
V
VACLs
explaining 8-2
Post-Block 8-19
Pre-Block 8-19
verifying
sensor initialization 1-10
sensor setup 1-10
Viewers privileges A-28
viewing
IP logs 11-5
statistics 10-15
system information 10-16
viewing statistics 10-15
virtual sensor and assigning interfaces 4-3
Virtual Sensor panel
button functions 4-2
configuring 4-3
described 4-1
field descriptions 4-2
user roles 4-2
W
Web Server
described A-3, A-22
HTTP 1.0 and 1.1 support A-22
private keys A-21
public keys A-21
RDEP2 support A-22