External Product Interfaces Pane Field Definitions
The following fields are found in the External Product Interfaces pane:
- IP Address—Specifies the IP address of the external product.
- Enabled—Indicates whether the external product interface is enabled.
- Port—Specifies the port being used for communications.
- TLS Used—Indicates whether secure communications are being used.
- Username—Specifies the user login name that connects to the CSA MC.
- Host Posture Settings—Indicates how host postures received from the CSA MC should be handled:
– Enabled—Indicates that receipt of the host postures is enabled. If disabled, the host posture information received from a CSA MC is deleted.
– Allow Unreachable—Allows/denies the receipt of host posture information for hosts that are not reachable by the CSA MC.
A host is not reachable if the CSA MC cannot establish a connection with the host on any IP addresses in the host posture. This option is useful in filtering the postures whose IP addresses may not be visible to the IPS or may be duplicated across the network. This filter is most applicable in network topologies where hosts that are not reachable by the CSA MC are also not reachable by the IPS, for example if the IPS and the CSA MC are on the same network segment.
– Posture ACLs—Specifies network address ranges for which host postures are allowed or denied. This option provides a mechanism for filtering postures that have IP addresses that may not be visible to the IPS or may be duplicated across the network.
- Watch List Settings—Indicates how watch list settings received from the CSA MC should be handled:
– Enabled—Indicates that receipt of the watch list is enabled. If disabled, the watch list information received from a CSA MC is deleted.
– Manual RR Increase—Indicates by what percentage the manual watch list risk rating should be increased.
– Session RR Increase—Indicates by what percentage the session-based watch list risk rating should be increased.
– Packet RR Increase—Indicates by what percentage the packet-based watch list risk rating should be increased.
- SDEE URL—Indicates the URL on the CSA MC the IPS uses to retrieve information using SDEE communication. You must configure the URL based on the software version of the CSA MC that the IPS is communicating with as follows:
– For the CSA MC version 5.0, use /csamc50/sdee-server.
– For the CSA MC version 5.1, use /csamc51/sdee-server.
– For the CSA MC version 5.2 and later, use /csamc/sdee-server (the default value).
Add and Edit External Product Interface Dialog Boxes Field Definitions
The following fields are found in the Add and Edit External Product Interface dialog boxes:
- External Product’s IP Address—Specifies the IP address of the external product.
- Enable receipt of information—Enables the sensor to receive information from the external product interface.
Note If not checked, all host posture and quarantine information from this device is purged from the sensor.
- Communication Settings—Lets you see the SDEE URL and TLS, and lets you change the port:
– SDEE URL—Specifies the URL on the CSA MC the IPS uses to retrieve information using SDEE communication. You must configure the URL based on the software version of the CSA MC that the IPS is communicating with. For the CSA MC version 5.0, use /csamc50/sdee-server. For the CSA MC version 5.1, use /csamc51/sdee-server. For the CSA MC version 5.2 and later, use /csamc/sdee-server (the default value).
– Port—Specifies the port being used for communications.
– Use TLS—Indicates that secure communications are being used. You cannot change this value.
- Login Settings—Lets you specify the credentials required to log in to the CSA MC:
– Username—Lets you enter the username used to log in to the CSA MC.
– Password—Lets you assign a password to the user.
– Confirm Password—Lets you confirm the password.
- Watch List Settings—Lets you configure how watch list settings received from the CSA MC should be handled:
– Enable receipt of watch list—Enables/disables the receipt of the watch list information. The watch list information received from a CSA MC is deleted when disabled.
– Manual Watch List RR Increase—Lets you increase the percentage of the manual watch list risk rating.
– Session-based Watch List RR Increase—Lets you increase the percentage of the session-based watch list risk rating.
– Packet-based Watch List RR Increase—Lets you increase the percentage of the packet-based watch list risk rating.
- Host Posture Settings—Specifies how host postures received from the CSA MC should be handled:
– Enable receipt of host postures—Enables/disables the receipt of the host posture information. The host posture information received from a CSA MC is deleted when disabled.
– Allow unreachable hosts’ postures—Allows/denies the receipt of host posture information for hosts that are not reachable by the CSA MC. A host is not reachable if the CSA MC cannot establish a connection with the host on any IP addresses in the host’s posture. This option is useful in filtering the postures whose IP addresses may not be visible to the IPS or may be duplicated across the network. This filter is most applicable in network topologies where hosts that are not reachable by the CSA MC are also not reachable by the IPS, for example if the IPS and the CSA MC are on the same network segment.
- Permitted and Denied Host Posture Addresses—Lets you add host posture ACLs that will be permitted or denied:
– Name—Specifies the name of the posture ACL.
– Active—Indicates whether this posture ACL is active.
– IP Address—Specifies the IP address of the posture ACL.
– Network Mask—Specifies the network mask of the posture ACL.
– Action—Specifies the action (deny or permit) the posture ACL will take.
Adding, Editing, and Deleting External Product Interfaces and Posture ACLs
Caution In Cisco IPS the only external product interfaces you can add are CSA MC interfaces. Cisco IPS supports two CSA MC interfaces.
Note Make sure you add the external product as a trusted host so the sensor can communicate with it. To add a trusted host, choose Configuration > Sensor Management > Certificates > Trusted Hosts > Add.
To add an external product interface, follow these steps:
Step 1 Log in to the IDM using an account with administrator privileges.
Step 2 Choose Configuration > Sensor Management > External Product Interfaces, and click Add to add an external product interface.
Step 3 In the External Product’s IP Address field, enter the IP address of the external product.
Step 4 Check the Enable receipt of information check box to allow information to be passed from the external product to the sensor.
Step 5 In the Port field, change the default port 443 if needed.
Note Under Communication Settings, you can only change the Port value.
Step 6 Configure the login settings:
a. In the Username field, enter the username of the user who can log in to the external product.
b. In the Password field, enter the password the user will use.
c. In the Confirm Password field, enter the password again.
Note Steps 7 through 15 are optional. If you do not perform Steps 7 through 15, the default values are used to receive all of the CSA MC information with no filters applied.
Step 7 (Optional) Configure the watch list settings:
a. Check the Enable receipt of watch list check box to allow the watch list information to be passed from the external product to the sensor.
Note If you do not check the Enable receipt of watch list check box, the watch list information received from a CSA MC is deleted.
b. In the Manual Watch List RR Increase field, you can change the percentage from the default of 25. The valid range is 0 to 35.
c. In the Session-based Watch List RR Increase field, you can change the percentage from the default of 25. The valid range is 0 to 35.
d. In the Packet-based Watch List RR Increase field, you can change the percentage from the default of 10. The valid range is 0 to 35.
Step 8 (Optional) Check the Enable receipt of host postures check box to allow the host posture information to be passed from the external product to the sensor.
Note If you do not check the Enable receipt of host postures check box, the host posture information received from a CSA MC is deleted.
Step 9 (Optional) Check the Allow unreachable hosts’ postures check box to allow the host posture information from unreachable hosts to be passed from the external product to the sensor.
Note A host is not reachable if the CSA MC cannot establish a connection with the host on any of the IP addresses in the host posture. This option is useful in filtering the postures whose IP addresses may not be visible to the IPS or may be duplicated across the network. This filter is most applicable in network topologies where hosts that are not reachable by the CSA MC are also not reachable by the IPS, for example if the IPS and the CSA MC are on the same network segment.
Step 10 (Optional) To add a posture ACL, click Add.
Note Posture ACLs are network address ranges for which host postures are allowed or denied. Use posture ACLs to filter postures that have IP addresses that may not be visible to the IPS or may be duplicated across the network.
Step 11 (Optional) In the Name field, enter a name for the posture ACL.
Step 12 (Optional) In the Active field, click the Yes radio button to make the posture ACL active.
Step 13 (Optional) In the IP Address field, enter the IP address the posture ACL will use.
Step 14 (Optional) In the Network Mask field, enter the network mask the posture ACL will use.
Step 15 (Optional) In the Action drop-down list, choose the action (Deny or Permit) the posture ACL will take.
Tip To undo your changes and close the Add Posture ACL dialog box, click Cancel.
Step 16 (Optional) Click OK. The new posture ACL appears in the Host Posture Setting list in the Add External Product Interface dialog box. You can use the Move Up and Move Down buttons to reorder the posture ACLs that you create.
Step 17 To edit an existing posture ACL, select it, and click Edit.
Step 18 Edit the IP Address, Network Mask, and Action fields or change the active state to inactive by clicking the No radio button.
Tip To discard your changes and close the Edit Posture ACL dialog box, click Cancel.
Step 19 Click OK. The edited posture ACL appears in the Host Posture Setting list in the Add External Product Interface dialog box.
Step 20 To delete a posture ACL from the list, select it, and click Delete. The posture ACL no longer appears in the Host Posture Setting list in the Add External Product Interface dialog box.
Step 21 Click OK. The external product interface now appears in the Management Center for Cisco Security Agents list in the External Product Interfaces pane.
Tip To discard your changes and close the Add External Product Interface dialog box, click Cancel.
Step 22 To edit the external product interface, select it, and click Edit.
Step 23 Make any changes needed to the fields in the dialog box.
Tip To discard your changes and close the Edit External Product Interface dialog box, click Cancel.
Step 24 Click OK. The edited external product interface appears in the Management Center for Cisco Security Agents list in the External Product Interfaces pane.
Step 25 To delete an external product interface, select it, and click Delete. The external product interface no longer appears in the Management Center for Cisco Security Agents list in the External Product Interfaces pane.
Tip To discard your changes, click Reset.
Step 26 Click Apply to apply your changes and save the revised configuration.
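An added example, not part of the Cisco documentation: a Python pre-check for a planned external product interface that applies the constraints stated above (SDEE URL per CSA MC version, RR increase range 0 to 35, well-formed posture ACL address and mask). The dict layout and all names are hypothetical, and the shadowing check assumes posture ACLs are evaluated top-down with the first match winning, which the Move Up and Move Down buttons suggest but the page does not state.

```python
import ipaddress

# From the page: SDEE URL per CSA MC version; RR increase valid range is 0 to 35.
SDEE_URLS = {(5, 0): "/csamc50/sdee-server", (5, 1): "/csamc51/sdee-server"}
DEFAULT_SDEE_URL = "/csamc/sdee-server"  # CSA MC 5.2 and later

def expected_sdee_url(version):
    """SDEE URL the page prescribes for a version string such as '5.1' (None if not covered)."""
    major, minor = (int(p) for p in version.split(".")[:2])
    return DEFAULT_SDEE_URL if (major, minor) >= (5, 2) else SDEE_URLS.get((major, minor))

def check_interface(cfg):
    """Return findings for a planned interface; the dict layout is hypothetical."""
    findings = []
    want = expected_sdee_url(cfg["csamc_version"])
    if cfg["sdee_url"] != want:
        findings.append(f"sdee_url: expected {want} for CSA MC {cfg['csamc_version']}")
    for field in ("manual_rr", "session_rr", "packet_rr"):
        if not 0 <= cfg[field] <= 35:
            findings.append(f"{field}: {cfg[field]} is outside 0-35")
    earlier = []  # (name, network) of active entries higher in the list
    for acl in cfg["posture_acls"]:
        try:
            net = ipaddress.ip_network(f"{acl['ip']}/{acl['mask']}", strict=True)
        except ValueError as exc:  # bad mask, or host bits set in the address
            findings.append(f"acl {acl['name']}: {exc}")
            continue
        if not acl["active"]:
            continue
        # Assumption: top-down, first match wins, so a wider earlier entry hides this one.
        hidden_by = next((n for n, prev in earlier if net.subnet_of(prev)), None)
        if hidden_by:
            findings.append(f"acl {acl['name']}: shadowed by {hidden_by}")
        earlier.append((acl["name"], net))
    return findings

# Constructed sample: wrong URL for 5.1, packet RR too high, one shadowed and one malformed ACL.
SAMPLE = {
    "csamc_version": "5.1", "sdee_url": "/csamc/sdee-server",
    "manual_rr": 25, "session_rr": 25, "packet_rr": 40,
    "posture_acls": [
        {"name": "lab-net", "active": True, "ip": "10.0.0.0", "mask": "255.0.0.0", "action": "deny"},
        {"name": "lab-dmz", "active": True, "ip": "10.20.0.0", "mask": "255.255.0.0", "action": "permit"},
        {"name": "typo", "active": True, "ip": "192.168.1.5", "mask": "255.255.255.0", "action": "permit"},
    ],
}

if __name__ == "__main__":
    for line in check_interface(SAMPLE):
        print(line)
```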