Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 - Index [Cisco IPS 4200 Series Sensors]

Table Of Contents

Numerics - A - B - C - D - E - F - G - H - I - L - M - N - O - P - R - S - T - U - V - W -

Index

Numerics

10BaseT cable pinouts

appliance F-1

ASA 5585-X F-1

2SX card

described 4-3, 5-4

illustration 4-4, 5-5

4GE bypass interface card

configuration restrictions 4-5, 5-6

described 4-3, 4-5, 5-4, 5-6

illustration 4-3, 5-4

802.1q encapsulation for VLAN groups 1-18

A

access control list. See ACL.

accessing

Diagnostic Panel (IPS 4270-20) 5-42

IPS software C-1

service account E-5

access list misconfiguration E-26

actions

ACL changes 1-2

IP logs 1-3

multiple packet drop 1-3

TCP reset 1-2

adaptive security appliance

ASA 5500 AIP SSM 8-2

ASA 5585-X IPS SSP 9-2

described 8-2

models 9-2

alternate TCP reset interface

configuration restrictions 1-13

designating 1-12

restrictions 1-5

Analysis Engine

error messages E-23

errors E-51

IDM exits E-55

sensing interfaces 1-6

verify it is running E-19

anomaly detection disabling E-18

appliance

cable pinouts (10BaseT) F-1

cable pinouts(10BaseT) F-1

appliances

ACLs 1-2

described 1-21

GRUB menu E-8

initializing B-8

logging in A-2

managers 1-21

models 1-21

password recovery E-8

preparing for installation 2-1

restrictions 1-22

SPAN 1-21

TCP reset 1-2

terminal servers

described 1-22, A-3, D-13

setting up 1-22, A-3, D-13

time sources 1-23, E-15

upgrading recovery partition D-6

application partition image recovery D-11

applying software updates E-52

ARC

blocking not occurring for signature E-41

device access issues E-39

enabling SSH E-41

inactive state E-37

misconfigured master blocking sensor E-42

troubleshooting E-35

verifying device interfaces E-40

verifying status E-36

ASA 5500 AIP SSM

described 8-2

indicators (illustration) 8-5

indicators described 8-5

initializing B-13

installing 8-5

logging in A-4

memory specifications 8-4

models 8-2

Normalizer engine E-61

recovering E-59

removing module 8-7

requirements 8-4

resetting E-58

session command A-4

sessioning in A-4

setup command B-13

show module 1 command 8-7

specifications 8-4

verifying status 8-7

ASA 5500-X IPS SSP

initializing B-17

logging in A-5

memory usage E-73

memory usage values (table) E-73

Normalizer engine E-72

password recovery E-9

resetting the password E-9

session command A-5

sessioning in A-5

setup command B-17

time soruces 1-23, E-15

ASA 5585-X

cable pinouts 10BaseT F-1

slide rail kit hardware installation 7-19

ASA 5585-X IPS SSP

adaptive security appliance 9-2

described 9-2

front panel indicators

described 9-7

illustration 9-6

initializing B-21

installing 9-9

installing system image D-23

interfaces 9-2, 9-3

introducing 9-2

logging in A-6

memory requirements 9-8

Normalizer engine E-79

password recovery E-11

reimaging D-23

removing 9-9, 9-13

requirements 9-4

resetting the password E-11

session command A-6

sessioning in A-6

setup command B-21

show module 1 command 9-12

slot 1 9-9

specifications 9-3

time sources 1-23, E-15

verifying status 9-13

ASA 5585-X SSP-10 with IPS SSP-10

described 9-2

memory requirements 9-8

ASA 5585-X SSP-20 with IPS SSP-20

described 9-3

memory requirements 9-8

ASA 5585-X SSP-40 with IPS SSP-40

described 9-3

memory requirements 9-8

ASA 5585-X SSP-60 with IPS SSP-60

described 9-3

memory requirements 9-8

ASA IPS modules

jumbo packet count E-62, E-73, E-80

ASDM resetting passwords E-11, E-12

asymmetric traffic and disabling anomaly detection E-18

attack responses for TCP resets 1-2

authenticated NTP 1-23, E-14

automatic setup B-2

automatic upgrade

information required D-7

troubleshooting E-52

autonegotiation for hardware bypass 4-6, 5-7

auto-upgrade-option command D-7

B

backing up

configuration E-2

current configuration E-4

back panel features

IPS 4260 4-8

IPS 4270-20 5-10

IPS 4345 6-7

IPS 4360 6-8

IPS 4510 7-6

IPS 4520 7-6

basic setup B-4

blocking not occurring for signature E-41

C

cable management arm

converting 5-33

described 5-32

installing 5-29

cable pinouts

RJ-45 to DB-9 F-3

cannot access sensor E-24

cidDump obtaining information E-105

circuit breaker warning 6-20

cisco

default password A-2

default username A-2

Cisco.com

accessing software C-1

downloading software C-1

software downloads C-1

Cisco ASA 5585-X

described 9-2

installing ASA 5585-X IPS SSP 9-13

models 9-2

removing ASA 5585-X IPS SSP 9-13

Cisco Security Intelligence Operations

described C-8

URL C-8

Cisco Services for IPS

service contract C-9

supported products C-9

clear events command 1-24, E-16, E-105

clearing

events E-105

statistics E-89

CLI password recovery E-13

command and control interface

described 1-5

Ethernet 1-2

list 1-5

commands

auto-upgrade-option D-7

clear events 1-24, E-16, E-105

copy backup-config E-3

copy current-config E-3

copy license-key C-12

debug module-boot E-59

downgrade D-10

erase license-key C-15

hw-module module 1 reset E-58

hw-module module slot_number password-reset E-11

setup B-1, B-4, B-8, B-13, B-17, B-21

show events E-102

show health E-81

show module 1 details E-58, E-64, E-76

show settings E-13

show statistics E-89

show statistics virtual-sensor E-23, E-89

show tech-support E-82

show version E-86

sw-module module slot_number password-reset E-9

upgrade D-3, D-6

configuration files

backing up E-2

merging E-2

configuration restrictions

alternate TCP reset interface 1-13

inline interface pairs 1-13

inline VLAN pairs 1-13

interfaces 1-12

physical interfaces 1-12

VLAN groups 1-14

configuring

automatic upgrades D-8

upgrades D-4

connecting SFP/SFP+ modules 9-12

converting cable management arm 5-33

copy backup-config command E-3

copy current-config command E-3

copy license-key command C-12

correcting time on the sensor 1-24, E-16

creating the service account E-5

cryptographic account

Encryption Software Export Distribution Authorization from C-2

obtaining C-2

current configuration back up E-2

D

DC power supply

connecting (IPS 4360) 6-22

described (IPS 4240-DC) 3-10

installing (IPS 4240-DC) 3-10

debug logging enable E-44

debug-module-boot command E-59

defaults

password A-2

username A-2

device access issues E-39

Diagnostic Panel

accessing 5-42

component list 5-14

illustration 5-14

indicators 5-14

disabling

anomaly detection E-18

password recovery E-13

disaster recovery E-6

displaying

events E-103

health status E-81

password recovery setting E-13

statistics E-89

tech support information E-82

version E-86

downgrade command D-10

downgrading sensors D-10

downloading Cisco software C-1

duplicate IP addresses E-26

E

electrical safety guidelines 2-3

enabling debug logging E-44

Encryption Software Export Distribution Authorization form

cryptographic account C-2

described C-2

erase license-key command C-15

errors (Analysis Engine) E-51

ESD environment working in 2-4

Ethernet port indicators

IPS 4260 4-8

IPS 4270-20 5-11

events

clearing E-105

displaying E-103

types E-102

Event Store

clearing E-105

clearing events 1-24, E-16

no alerts E-31

time stamp 1-24, E-16

examples

ASA failover configuration E-60, E-64, E-75

SPAN configuration for IPv6 support 1-16

System Configuration Dialog B-2

expansion cards

interface naming conventions (IPS 4260) 4-4

interface naming conventions (IPS 4270-20) 5-5

slots (IPS 4260) 4-21

slots (IPS 4270-20) 5-43

external product interfaces

issues E-20

troubleshooting E-21

F

fail-over testing 4-5, 5-6

false positives

filtering 1-4

tuning IPS 1-3

fan indicators (IPS 4270-20) 5-50

fans (IPS 4270-20) 5-50

files Cisco IPS (list) C-1

front panel features

IPS 4510 7-3

IPS 4520 7-3

front panel indicators

ASA 5585-X IPS SSP 9-6

IPS 4260 4-7

IPS 4270-20 5-9

IPS 4345 6-6

IPS 4360 6-6

front panel switches

IPS 4260 4-7

IPS 4270-20 5-9

FTP servers and software updates D-2

G

global correlation

license B-5

troubleshooting E-18

grounding lugs (IPS 4260) 4-17

GRUB menu password recovery E-8

guidelines

electrical safety 2-3

power supplies 2-6

H

hardware bypass

autonegotiation 4-6, 5-7

configuration restrictions 4-5, 5-6

fail-over 4-5, 5-6

IPS 4260 4-5

IPS 4270-20 5-6

link status changes and drops 4-6, 5-7, E-22

proper configuration 4-6, 5-7, E-22

supported configurations 4-5, 5-6

with software bypass 4-5, 5-6

health status display E-81

HTTP/HTTPS servers supported D-2

hw-module module 1 reset command E-58

hw-module module slot_number password-reset command E-11

I

IDM

Analysis Engine is busy E-55

described 7-2, 9-2

web browsers 7-2, 9-2

will not load E-54

IME

10 devices 7-3, 9-2

described 7-3, 9-2

time synchronization problems E-57

initializing

appliances B-8

ASA 5500 AIP SSM B-13

ASA 5500-X IPS SSP B-17

ASA 5585-X IPS SSP B-21

sensors B-1, B-4

user roles B-1

verifying B-25

inline interface pair mode

configuration restrictions 1-13

described 1-16

illustration 1-17

inline mode

interface cards 1-6

pairing interfaces 1-6

inline VLAN pair mode

configuration restrictions 1-13

described 1-17

illustration 1-17

supported sensors 1-17

installation preparation 2-1

installer major version C-5

installer minor version C-5

installing

ASA 5500 AIP SSM 8-5

cable management arm 5-29

DC power supply (IPS 4360) 6-25

fans (IPS 4270-20) 5-50

IPS 4240 3-8

IPS 4255 3-8

IPS 4260 4-17

IPS 4270-20 5-36

IPS 4345 6-12

IPS 4360 6-12

IPS 4510 7-11

IPS 4520 7-11

license key C-12

sensor license C-10

SFP/SFP+ modules 9-12

system image

ASA 5500-X IPS SSP D-22

ASA 5585-X IPS SSP D-23

IPS 4270-20 D-14

IPS 4345 D-16

IPS 4360 D-16

IPS 4510 D-19

IPS 4520 D-19

interface cards

IPS 4260

installing 4-21

removing 4-21

IPS 4270-20

installing 5-43

removing 5-43

interfaces

alternate TCP reset 1-5

command and control 1-5

configuration restrictions 1-12

described 1-4

port numbers 1-4

sensing 1-5, 1-6

slot numbers 1-4

support (table) 1-6

TCP reset 1-11

internal health information in the Diagnostic Panel 5-42

introducing

ASA 5500 AIP SSM 8-2

ASA 5585-X IPS SSP 9-2

IPS 4240 3-2

IPS 4255 3-2

IPS 4260 4-2

IPS 4270-20 5-2

IPS 4345 6-2

IPS 4360 6-2

IPS 4510 7-2

IPS 4520 7-2

IPS appliances 1-21

Intrusion Prevention System Device Manager. See IDM. 7-2, 9-2

Intrusion Prevention System Manager Express. See IME. 9-2

Intrusion Prevention System Manager Express. See IME. 7-3

IPS

restrictions 1-22

supported

appliances 1-19

modules 1-19

tuning 1-3

IPS 4240

7200 series router 3-5

back panel (illustration) 3-3

back panel indicators 3-4

described 3-1, 3-2

features 3-3

front panel

illustration 3-3

indicators 3-3

installation 3-8

installing DC power supply 3-10

rack mounting 3-6

specifications 3-4

IPS 4240-DC

described 3-10

installing 3-11

IPS 4255

back panel (illustration) 3-3

back panel indicators 3-4

described 3-2

features 3-3

front panel

illustration 3-3

indicators 3-3

installing 3-8

rack mounting 3-6

specifications 3-4

IPS 4260

4GE bypass interface card 4-2

accessories kit 4-10

back panel features 4-8

chassis cover

removing 4-20

replacing 4-20

described 4-1, 4-2

Ethernet port indicators 4-8

expansion card slots 4-21

features 4-7

front panel

indicators 4-7

switches 4-7

grounding lugs 4-17

hardware bypass 4-5

installing 4-17

interface cards 4-21

power supply 4-23

interface naming conventions 4-4

network ports 4-2

password recovery E-8

performance 4-2

power supplies 4-2

power supply indicators 4-9

rack mounting

4-post 4-11

rack-mounting

2-post 4-14

removing

interface cards 4-21

power supply 4-23

sensing interfaces 4-2

specifications 4-9

supported interface cards 4-3, 4-4

IPS 4270-20

4GE bypass interface card 5-3

accessories kit 5-16

back panel features 5-10

chassis cover

removing 5-40

replacing 5-40

converting cable management arm 5-33

described 5-1, 5-2

Diagnostic Panel

accessing 5-42

described 5-14

illustration 5-14

Ethernet port indicators

described 5-11

illustration 5-11

expansion card slots 5-43

extending from a rack 5-26

fan connector and indicator (illustration) 5-50

fan indicators 5-50

fans 5-50

features 5-8

front panel

indicators 5-9

switches 5-9

front view (illustration) 5-8

hardware bypass 5-6

hot-pluggable power supplies 5-45

installation 5-36

installing

cable management arm 5-29

fans 5-50

in a rack 5-18

interface cards 5-43

power supplies 5-45

installing system image D-14

interface naming conventions 5-5

maximum rack depth 5-17

network ports 5-3

password recovery E-8

performance 5-2

power supplies 5-3

power supply indicators 5-11

rack requirements 5-17

rail system kit

described 5-16

minimum rack depth 5-17

redundant power supplies 5-45

reimaging D-14

removing

interface cards 5-43

power supplies 5-45

sensing interfaces 5-3

shallow rack installation 5-20

specifications 5-15

switches and indicators (illustration) 5-8

T-15 Torx screwdriver 5-46

IPS 4345

back panel features 6-7

back panel features (illustration) 6-7

described 6-2

front panel (llustration) 6-5

front panel indicators described 6-6

indicators 6-6

installation 6-12

installing system image D-16

packing box contents 6-4

password recovery E-8

power supplies 6-15

power supplies (illustration) 6-16

power supply indicator 6-17

rack mounting 6-10

reimaging D-16

specifications 6-2

IPS 4360

AC power supply

installing 6-18

removing 6-18

back panel features 6-8

back panel features (illustration) 6-8

connecting DC power supplies 6-22

described 6-2

front panel (illustration) 6-5

front panel indicators described 6-6

indicators 6-6

installation 6-12

installing DC power supplies 6-25

installing system image D-16

packing box contents 6-4

password recovery E-8

power supplies 6-15

power supplies(illustration) 6-16

power supply indicator 6-17

reimaging D-16

removing DC power supplies 6-25

specifications 6-2

IPS 4510

back panel features 7-6

back panel features (illustration) 7-6

cable management brackets

described 7-32

installing 7-32

connecting cables 7-11

described 7-2

Ethernet port indicators 7-7

fan modules

hot-pluggable 7-18

installing 7-18

OIR 7-18

removing 7-18

front panel indicators

described 7-4

illustration 7-4

front panel view 7-3

installing

core IPS SSP 7-14

SFP/SFP+ modules 7-12

slide rail kit hardware 7-19

installing system image D-19

Management 0/0 7-11

management port described 7-11

memory requirements 7-10

OIR

fan supply modules 7-2

not supported 7-2

power supply modules 7-2

SFP/SFP+ 7-2

packing box contents 7-9

password recovery E-8

power module indicators

described 7-7

illustration 7-6

power supply modules

installing 7-16

removing 7-16

requirements 7-10

rack mounting 7-29

reimaging D-19

removing core IPS SSP 7-14

SFP ports 7-12

shutting down 7-14

slide rail kit hardware installation 7-19

specifications 7-8

supported SFP+ modules 7-11, 9-9

supported SFP modules 7-11, 9-9

SwitchApp 7-34

IPS 4520

back panel features 7-6

back panel features (illustration) 7-6

cable management brackets

described 7-32

installing 7-32

connecting cables 7-11

described 7-2

Ethernet port indicators 7-7

fan modules

hot-pluggable 7-18

installing 7-18

OIR 7-18

removing 7-18

front panel indicators

described 7-4

illustration 7-4

front panel view 7-3

installing

core IPS SSP 7-14

SFP/SFP+ modules 7-12

slide rail kit hardware 7-19

installing system image D-19

Management 0/0 7-11

management port described 7-11

memory requirements 7-10

OIR

fan supply modules 7-2

not supported 7-2

power supply modules 7-2

SFP/SFP+ 7-2

packing box contents 7-9

password recovery E-8

power module indicators

described 7-7

illustration 7-6

power supply modules

installing 7-16

removing 7-16

requirements 7-10

rack mounting 7-29

reimaging D-19

removing core IPS SSP 7-14

SFP ports 7-12

shutting down 7-14

slide rail kit hardware installation 7-19

specifications 7-8

supported SFP+ modules 7-11, 9-9

supported SFP modules 7-11, 9-9

SwitchApp 7-34

two power supply modules 7-16, 7-18

IPS software

available files C-1

obtaining C-1

platform-dependent release examples C-6

IPS software file names

major updates (illustration) C-4

minor updates (illustration) C-4

patch releases (illustration) C-4

service packs (illustration) C-4

IPS SSP-10 front panel features (illustration) 9-4

IPS SSP-20 front panel features (illustration) 9-4

IPS SSP-40 front panel features (illustration) 9-5

IPS SSP-60 front panel features (illustration) 9-5

IPS SSP in the ASA 5585-X 9-2

IPv6

SPAN ports 1-15

switches 1-15

L

license key

installing C-12

obtaining C-9

trial C-9

uninstalling C-15

viewing status of C-9

licensing

described C-9

IPS device serial number C-9

Licensing pane

configuring C-10

described C-9

logging in

appliances A-2

ASA 5500 AIP SSM A-4

ASA 5500-X IPS SSP A-5

ASA 5585-X IPS SSP A-6

sensors

SSH A-7

Telnet A-7

service role A-1

terminal servers 1-22, A-3, D-13

user role A-1

loose connections on sensors 5-52, 7-33, E-22

M

major updates described C-3

Management 0/0 port described 7-11

Management 0/1 described 7-11

manual block to bogus host E-41

master blocking sensor

not set up properly E-42

verifying configuration E-42

merging configuration files E-2

MIBs supported E-17

minor updates described C-3

modes

IDS 1-1

inline interface pair 1-16

inline VLAN pair 1-17

IPS 1-1

promiscuous 1-15

VLAN groups 1-18

modules

ASA 5500 AIP SSM 8-2

ASA 5585-X IPS SSP 9-2

N

NTP

authenticated 1-23, E-14

described 1-23, E-15

incorrect configuration 1-24, E-15

time synchronization 1-23, E-15

unauthenticated 1-23, E-14

verifying configuration 1-24

O

obtaining

cryptographic account C-2

IPS software C-1

license key C-9

sensor license C-10

OIR

not supported for modules 7-2

supported

fan modules 7-2

power supply modules 7-2

SFP/SFP+ 7-2

online insertion and removal. See OIR. 9-2

P

password recovery

appliances E-8

ASA 5500-X IPS SSP E-9

ASA 5585-X IPS SSP E-11

CLI E-13

described E-7

disabling E-13

displaying setting E-13

GRUB menu E-8

IPS 4260 E-8

IPS 4270-20 E-8

IPS 4345 E-8

IPS 4360 E-8

IPS 4510 E-8

IPS 4520 E-8

platforms E-7

ROMMON E-8

troubleshooting E-14

verifying E-13

patch releases described C-3

performance (IPS 4270-20) 5-2

physical connectivity issues E-29

physical interfaces configuration restrictions 1-12

ports

Management 0/0 7-11

Management 0/1 7-11

SFP 7-12

SFP/SFP+ 9-12

power supplies

described (IPS 4345) 6-16

describes (IPS 4360) 6-16

illustration (IPS 4345) 6-16

illustration (IPS 4560) 6-16

IPS 4260

installing 4-23

removing 4-23

IPS 4270-20

hot-pluggable 5-45

installing 5-45

redundant 5-45

removing 5-45

power supply guidelines 2-6

power supply indicator

IPS 4345 6-17

IPS 4360 6-17

power supply indicators

IPS 4260 4-9

IPS 4270-20 5-11

IPS 4510 7-6

IPS 4520 7-6

power supply modules

hot-pluggable 7-16

installing (IPS 4510) 7-16

installing (IPS 4520) 7-16

OIR 7-16

redundant configuration 7-16

removing (IPS 4510) 7-16

removing (IPS 4520) 7-16

preparing for appliance installation 2-1

promiscuous mode

atomic attacks 1-15

described 1-15

illustration 1-15

packet flow 1-15

SPAN ports 1-15

TCP reset interfaces 1-11

VACL capture 1-15

R

rack mounting

IPX 4345 6-10

rack-mounting

IPS 4260

2-post 4-14

4-post 4-11

IPS 4270-20

extension 5-26

installation 5-18

requirements 5-17

IPS 4510 7-29

IPS 4520 7-29

racks

airflow requirements 5-17

space requirements 5-17

rail system

maximum rack depth 5-17

minimum rack depth 5-17

rack hole-types (illustration) 5-16

round holes 5-16

square holes 5-16

threaded holes 5-16

rail system kit

cable management arm 5-29, 5-32

contents 5-17

IPS 4270-20 5-16

required tools 5-17

recover command D-11

recovering

ASA 5500 AIP SSM E-59

recovering the application partition image D-11

recovery partition upgrade D-6

reimaging

ASA 5500-X IPS SSP D-22

ASA 5585-X IPS SSP D-23

described D-2

IPS 4270-20 D-14

IPS 4345 D-16

IPS 4360 D-16

IPS 4510 D-19

IPS 4520 D-19

sensors D-2, D-11

removing

ASA 5500 AIP SSM 8-7

ASA 5585-X IPS SSP 9-13

chassis cover (IPS 4260) 4-20

chassis cover (IPS 4270-20) 5-40

DC power supply (IPS 4360) 6-25

last applied

service pack D-10

signature update D-10

replacing

chassis cover

IPS 4260 4-20

IPS 4270-20 5-40

requirements

ASA 5500 AIP SSM 8-4

ASA 5585-X IPS SSP 9-4

racks

airflow 5-17

space 5-17

reset not occurring for a signature E-50

resetting

ASA 5500 AIP SSM E-58

passwords

ASDM E-11, E-12

hw-module command E-11

sw-module command E-9

resetting the password

ASA 5500-X IPS SSP E-9

ASA 5585-X IPS SSP E-11

restoring the current configuration E-4

RJ-45 to DB-9 cable pinouts F-3

ROMMON

ASA 5585-X IPS SSP D-25

described D-12

IPS 4270-20 D-14

IPS 4345 D-16, E-8

IPS 4360 D-16, E-8

IPS 4510 D-19, E-8

IPS 4520 D-19, E-8

password recovery E-8

remote sensors D-12

serial console port D-12

TFTP D-13

round-trip time. See RTT.

RTT

described D-13

TFTP limitation D-13

S

scheduling automatic upgrades D-8

security

information on Cisco Security Intelligence Operations C-8

sensing interfaces

Analysis Engine 1-6

described 1-6

interface cards 1-6

modes 1-6

sensor license

installing C-10

obtaining C-10

sensors

access problems E-24

application partition image D-11

ASA 5500 AIP SSM 8-2

asymmetric traffic and disabling anomaly detection E-18

capturing traffic 1-1

command and control interfaces (list) 1-5

comprehensive deployment 1-1

Comprehensive Deployment Solutions (illustration) 1-1

corrupted SensorApp configuration E-34

disaster recovery E-6

downgrading D-10

electrical guidelines 2-3

IDS mode 1-1

incorrect NTP configuration 1-24, E-15

initializing B-1, B-4

interface support 1-6

IP address conflicts E-26

IPS mode 1-1

IPS tuning tips 1-3

logging in

SSH A-7

Telnet A-7

loose connections 5-52, 7-33, E-22

misconfigured access lists E-26

models 1-19

network topology 1-3

no alerts E-31, E-56

not seeing packets E-32

NTP time synchronization 1-23, E-15

physical connectivity E-29

power supply guidelines 2-6

preventive maintenance E-2

reimaging D-2

sensing process not running E-28

setup command B-1, B-4, B-8

site guidelines 2-5

supported 1-19

TCP reset 1-2

time sources 1-23, E-14

troubleshooting software upgrades E-53

upgrading D-4

service account

accessing E-5

cautions E-5

creating E-5

described E-5

service packs described C-3

service role A-1

session command

ASA 5500 AIP SSM A-4

ASA 5500-X IPS SSP A-5

ASA 5585-X IPS SSP A-6

sessioning in

ASA 5500 AIP SSM A-4

ASA 5500-X IPS SSP A-5

ASA 5585-X IPS SSP A-6

setting up terminal servers 1-22, A-3, D-13

setup

automatic B-2

command B-1, B-4, B-8, B-13, B-17, B-21

simplified mode B-2

SFP+ modules

described 7-10, 9-9

supported (table) 7-11, 9-9

SFP+ modules described 9-4

SFP/SFP+ port (illustration) 9-12

SFP modules

described 7-10, 9-4, 9-9

supported (table) 7-11, 9-9

SFP port (illustration) 7-12

shallow rack installation (IPS 4270-20) 5-20

show events command E-102

show health command E-81

show interfaces command E-100

show module 1 details command E-58, E-64, E-76

show settings command E-13

show statistics command E-88, E-89

show statistics virtual-sensor command E-23, E-89

show tech-support command E-82

show version command E-86

signature engine update files described C-5

signatures

TCP reset E-50

update files C-4

site guidelines for sensor installation 2-5

SNMP supported MIBs E-17

software bypass

supported configurations 4-5, 5-6

with hardware bypass 4-5, 5-6

software downloads Cisco.com C-1

software file names

recovery (illustration) C-5

signature/virus updates (illustration) C-4

signature engine updates (illustration) C-5

system image (illustration) C-5

software release examples

platform-dependent C-6

platform identifiers C-7

platform-independent C-6

software updates

supported FTP servers D-2

supported HTTP/HTTPS servers D-2

SPAN

appliances 1-21

port issues E-29

specifications

ASA 5500 AIP SSM 8-4

IPS 4240 3-4

IPS 4255 3-4

IPS 4260 4-9

IPS 4270-20 5-15

IPS 4345 6-2

IPS 4360 6-2

IPS 4510 7-8

IPS 4520 7-8

SSP-10

components 9-2

described 9-2

SSP-20

components 9-3

described 9-3

SSP-40

components 9-3

described 9-3

SSP-60

components 9-3

described 9-3

SSP in slot 2 9-9

statistic display E-89

subinterface 0 described 1-18

supported

FTP servers D-2

HTTP/HTTPS servers D-2

SwitchApp described 7-34

Switched Port Analyzer see SPAN

switches and TCP reset interfaces 1-12

sw-module module slot_number password-reset command E-9

System Configuration Dialog

described B-2

example B-2

system images

installing

ASA 5500-X IPS SSP D-22

ASA 5585-X IPS SSP D-23

IPS 4270-20 D-14

IPS 4345 D-16

IPS 4360 D-16

IPS 4510 D-19

IPS 4520 D-19

T

T-15 Torx screwdriver (IPS 4270-20) 5-46

TAC

service account E-5

show tech-support command E-82

TCP reset interfaces

conditions 1-12

described 1-11

list 1-11

promiscuous mode 1-11

switches 1-12

TCP resets

not occurring E-50

signature actions 1-2

tech support information display E-82

terminal server setup 1-22, A-3, D-13

testing fail-over 4-5, 5-6

TFTP servers

recommended

UNIX D-13

Windows D-13

RTT D-13

time

correction on the sensor 1-24, E-16

sensors 1-23, E-14

time sources

appliances 1-23, E-15

ASA 5500-X IPS SSP 1-23, E-15

ASA 5585-X IPS SSP 1-23, E-15

trial license key C-9

troubleshooting E-1

Analysis Engine busy E-55

applying software updates E-52

ARC

blocking not occurring for signature E-41

device access issues E-39

enabling SSH E-41

inactive state E-37

misconfigured master blocking sensor E-42

verifying device interfaces E-40

ASA 5500 AIP SSM

commands E-58

debugging E-59

failover scenarios E-60

recovering E-59

reset E-58

ASA 5500-X IPS SSP

commands E-64

failover scenarios E-63

ASA 5585-X IPS SSP

commands E-76

failover scenarios E-74

traffic flow stopped E-76

automatic updates E-52

cannot access sensor E-24

cidDump E-105

cidLog messages to syslog E-49

communication E-23

corrupted SensorApp configuration E-34

debug logger zone names (table) E-48

debug logging E-44

Diagnostic Panel (IPS 4270-20) 5-42

disaster recovery E-6

duplicate sensor IP addresses E-26

enabling debug logging E-44

external product interfaces E-21

gathering information E-80

global correlation E-18

IDM

cannot access sensor E-55

will not load E-54

IME time synchronization E-57

IPS clock time drift 1-23, E-15

manual block to bogus host E-41

misconfigured access list E-26

no alerts E-31, E-56

NTP E-50

password recovery E-14

physical connectivity issues E-29

preventive maintenance E-2

reset not occurring for a signature E-50

sensing process not running E-28

sensor events E-102

sensor loose connections 5-52, 7-33, E-22

sensor not seeing packets E-32

sensor software upgrade E-53

service account E-5

show events command E-101

show interfaces command E-100

show statistics command E-88

show tech-support command E-82, E-83

show version command E-85, E-86

software upgrades E-51

SPAN

port issue E-29

upgrading E-51

verifying Analysis Engine is running E-19

verifying ARC status E-36

tuning

IPS 1-3

tips 1-3

U

unassigned VLAN groups described 1-18

unauthenticated NTP 1-23, E-14

uninstalling the license key C-15

upgrade command D-3, D-6

upgrade notes and caveatsu(pgrading IPS software) D-1

upgrading

application partition D-11

latest version E-51

recovery partition D-6

sensors D-4

upgrading IPS software (upgrade notes and caveats) D-1

URLs for Cisco Security Intelligence Operations C-8

using

debug logging E-44

TCP reset interfaces 1-12

V

verifying

ASA 5585-X IPS SSP installation 9-13

NTP configuration 1-24

password recovery E-13

sensor initialization B-25

sensor setup B-25

version display E-86

viewing

license key status C-9

virtualization

advantages E-16

restrictions E-17

supported sensors E-17

traffic capture requirements E-17

VLAN groups

802.1q encapsulation 1-18

configuration restrictions 1-14

deploying 1-18

described 1-18

switches 1-18

W

warning

circuit breaker 6-20

exposed DC wire 6-22

	Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1
	Index
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1 Preface Introducing the Sensor Preparing the Appliance for Installation Installing the IPS 4270-20 Installing the IPS 4345 and IPS 4360 Installing the IPS 4510 and IPS 4520 Installing and Removing the ASA 5500 AIP SSM Installing and Removing the ASA 5585-X IPS SSP Logging In to the Sensor Initializing the Sensor Obtaining Software Upgrading, Downgrading, and Installing System Images Troubleshooting Cable Pinouts Glossary Index	Download this chapter Index Download the complete book Click Here for Whole-Book PDF (PDF - 16 MB) Feedback Table Of Contents Numerics - A - B - C - D - E - F - G - H - I - L - M - N - O - P - R - S - T - U - V - W - Index Numerics 10BaseT cable pinouts appliance F-1 ASA 5585-X F-1 2SX card described 4-3, 5-4 illustration 4-4, 5-5 4GE bypass interface card configuration restrictions 4-5, 5-6 described 4-3, 4-5, 5-4, 5-6 illustration 4-3, 5-4 802.1q encapsulation for VLAN groups 1-18 A access control list. See ACL. accessing Diagnostic Panel (IPS 4270-20) 5-42 IPS software C-1 service account E-5 access list misconfiguration E-26 actions ACL changes 1-2 IP logs 1-3 multiple packet drop 1-3 TCP reset 1-2 adaptive security appliance ASA 5500 AIP SSM 8-2 ASA 5585-X IPS SSP 9-2 described 8-2 models 9-2 alternate TCP reset interface configuration restrictions 1-13 designating 1-12 restrictions 1-5 Analysis Engine error messages E-23 errors E-51 IDM exits E-55 sensing interfaces 1-6 verify it is running E-19 anomaly detection disabling E-18 appliance cable pinouts (10BaseT) F-1 cable pinouts(10BaseT) F-1 appliances ACLs 1-2 described 1-21 GRUB menu E-8 initializing B-8 logging in A-2 managers 1-21 models 1-21 password recovery E-8 preparing for installation 2-1 restrictions 1-22 SPAN 1-21 TCP reset 1-2 terminal servers described 1-22, A-3, D-13 setting up 1-22, A-3, D-13 time sources 1-23, E-15 upgrading recovery partition D-6 application partition image recovery D-11 applying software updates E-52 ARC blocking not occurring for signature E-41 device access issues E-39 enabling SSH E-41 inactive state E-37 misconfigured master blocking sensor E-42 troubleshooting E-35 verifying device interfaces E-40 verifying status E-36 ASA 5500 AIP SSM described 8-2 indicators (illustration) 8-5 indicators described 8-5 initializing B-13 installing 8-5 logging in A-4 memory specifications 8-4 models 8-2 Normalizer engine E-61 recovering E-59 removing module 8-7 requirements 8-4 resetting E-58 session command A-4 sessioning in A-4 setup command B-13 show module 1 command 8-7 specifications 8-4 verifying status 8-7 ASA 5500-X IPS SSP initializing B-17 logging in A-5 memory usage E-73 memory usage values (table) E-73 Normalizer engine E-72 password recovery E-9 resetting the password E-9 session command A-5 sessioning in A-5 setup command B-17 time soruces 1-23, E-15 ASA 5585-X cable pinouts 10BaseT F-1 slide rail kit hardware installation 7-19 ASA 5585-X IPS SSP adaptive security appliance 9-2 described 9-2 front panel indicators described 9-7 illustration 9-6 initializing B-21 installing 9-9 installing system image D-23 interfaces 9-2, 9-3 introducing 9-2 logging in A-6 memory requirements 9-8 Normalizer engine E-79 password recovery E-11 reimaging D-23 removing 9-9, 9-13 requirements 9-4 resetting the password E-11 session command A-6 sessioning in A-6 setup command B-21 show module 1 command 9-12 slot 1 9-9 specifications 9-3 time sources 1-23, E-15 verifying status 9-13 ASA 5585-X SSP-10 with IPS SSP-10 described 9-2 memory requirements 9-8 ASA 5585-X SSP-20 with IPS SSP-20 described 9-3 memory requirements 9-8 ASA 5585-X SSP-40 with IPS SSP-40 described 9-3 memory requirements 9-8 ASA 5585-X SSP-60 with IPS SSP-60 described 9-3 memory requirements 9-8 ASA IPS modules jumbo packet count E-62, E-73, E-80 ASDM resetting passwords E-11, E-12 asymmetric traffic and disabling anomaly detection E-18 attack responses for TCP resets 1-2 authenticated NTP 1-23, E-14 automatic setup B-2 automatic upgrade information required D-7 troubleshooting E-52 autonegotiation for hardware bypass 4-6, 5-7 auto-upgrade-option command D-7 B backing up configuration E-2 current configuration E-4 back panel features IPS 4260 4-8 IPS 4270-20 5-10 IPS 4345 6-7 IPS 4360 6-8 IPS 4510 7-6 IPS 4520 7-6 basic setup B-4 blocking not occurring for signature E-41 C cable management arm converting 5-33 described 5-32 installing 5-29 cable pinouts RJ-45 to DB-9 F-3 cannot access sensor E-24 cidDump obtaining information E-105 circuit breaker warning 6-20 cisco default password A-2 default username A-2 Cisco.com accessing software C-1 downloading software C-1 software downloads C-1 Cisco ASA 5585-X described 9-2 installing ASA 5585-X IPS SSP 9-13 models 9-2 removing ASA 5585-X IPS SSP 9-13 Cisco Security Intelligence Operations described C-8 URL C-8 Cisco Services for IPS service contract C-9 supported products C-9 clear events command 1-24, E-16, E-105 clearing events E-105 statistics E-89 CLI password recovery E-13 command and control interface described 1-5 Ethernet 1-2 list 1-5 commands auto-upgrade-option D-7 clear events 1-24, E-16, E-105 copy backup-config E-3 copy current-config E-3 copy license-key C-12 debug module-boot E-59 downgrade D-10 erase license-key C-15 hw-module module 1 reset E-58 hw-module module slot_number password-reset E-11 setup B-1, B-4, B-8, B-13, B-17, B-21 show events E-102 show health E-81 show module 1 details E-58, E-64, E-76 show settings E-13 show statistics E-89 show statistics virtual-sensor E-23, E-89 show tech-support E-82 show version E-86 sw-module module slot_number password-reset E-9 upgrade D-3, D-6 configuration files backing up E-2 merging E-2 configuration restrictions alternate TCP reset interface 1-13 inline interface pairs 1-13 inline VLAN pairs 1-13 interfaces 1-12 physical interfaces 1-12 VLAN groups 1-14 configuring automatic upgrades D-8 upgrades D-4 connecting SFP/SFP+ modules 9-12 converting cable management arm 5-33 copy backup-config command E-3 copy current-config command E-3 copy license-key command C-12 correcting time on the sensor 1-24, E-16 creating the service account E-5 cryptographic account Encryption Software Export Distribution Authorization from C-2 obtaining C-2 current configuration back up E-2 D DC power supply connecting (IPS 4360) 6-22 described (IPS 4240-DC) 3-10 installing (IPS 4240-DC) 3-10 debug logging enable E-44 debug-module-boot command E-59 defaults password A-2 username A-2 device access issues E-39 Diagnostic Panel accessing 5-42 component list 5-14 illustration 5-14 indicators 5-14 disabling anomaly detection E-18 password recovery E-13 disaster recovery E-6 displaying events E-103 health status E-81 password recovery setting E-13 statistics E-89 tech support information E-82 version E-86 downgrade command D-10 downgrading sensors D-10 downloading Cisco software C-1 duplicate IP addresses E-26 E electrical safety guidelines 2-3 enabling debug logging E-44 Encryption Software Export Distribution Authorization form cryptographic account C-2 described C-2 erase license-key command C-15 errors (Analysis Engine) E-51 ESD environment working in 2-4 Ethernet port indicators IPS 4260 4-8 IPS 4270-20 5-11 events clearing E-105 displaying E-103 types E-102 Event Store clearing E-105 clearing events 1-24, E-16 no alerts E-31 time stamp 1-24, E-16 examples ASA failover configuration E-60, E-64, E-75 SPAN configuration for IPv6 support 1-16 System Configuration Dialog B-2 expansion cards interface naming conventions (IPS 4260) 4-4 interface naming conventions (IPS 4270-20) 5-5 slots (IPS 4260) 4-21 slots (IPS 4270-20) 5-43 external product interfaces issues E-20 troubleshooting E-21 F fail-over testing 4-5, 5-6 false positives filtering 1-4 tuning IPS 1-3 fan indicators (IPS 4270-20) 5-50 fans (IPS 4270-20) 5-50 files Cisco IPS (list) C-1 front panel features IPS 4510 7-3 IPS 4520 7-3 front panel indicators ASA 5585-X IPS SSP 9-6 IPS 4260 4-7 IPS 4270-20 5-9 IPS 4345 6-6 IPS 4360 6-6 front panel switches IPS 4260 4-7 IPS 4270-20 5-9 FTP servers and software updates D-2 G global correlation license B-5 troubleshooting E-18 grounding lugs (IPS 4260) 4-17 GRUB menu password recovery E-8 guidelines electrical safety 2-3 power supplies 2-6 H hardware bypass autonegotiation 4-6, 5-7 configuration restrictions 4-5, 5-6 fail-over 4-5, 5-6 IPS 4260 4-5 IPS 4270-20 5-6 link status changes and drops 4-6, 5-7, E-22 proper configuration 4-6, 5-7, E-22 supported configurations 4-5, 5-6 with software bypass 4-5, 5-6 health status display E-81 HTTP/HTTPS servers supported D-2 hw-module module 1 reset command E-58 hw-module module slot_number password-reset command E-11 I IDM Analysis Engine is busy E-55 described 7-2, 9-2 web browsers 7-2, 9-2 will not load E-54 IME 10 devices 7-3, 9-2 described 7-3, 9-2 time synchronization problems E-57 initializing appliances B-8 ASA 5500 AIP SSM B-13 ASA 5500-X IPS SSP B-17 ASA 5585-X IPS SSP B-21 sensors B-1, B-4 user roles B-1 verifying B-25 inline interface pair mode configuration restrictions 1-13 described 1-16 illustration 1-17 inline mode interface cards 1-6 pairing interfaces 1-6 inline VLAN pair mode configuration restrictions 1-13 described 1-17 illustration 1-17 supported sensors 1-17 installation preparation 2-1 installer major version C-5 installer minor version C-5 installing ASA 5500 AIP SSM 8-5 cable management arm 5-29 DC power supply (IPS 4360) 6-25 fans (IPS 4270-20) 5-50 IPS 4240 3-8 IPS 4255 3-8 IPS 4260 4-17 IPS 4270-20 5-36 IPS 4345 6-12 IPS 4360 6-12 IPS 4510 7-11 IPS 4520 7-11 license key C-12 sensor license C-10 SFP/SFP+ modules 9-12 system image ASA 5500-X IPS SSP D-22 ASA 5585-X IPS SSP D-23 IPS 4270-20 D-14 IPS 4345 D-16 IPS 4360 D-16 IPS 4510 D-19 IPS 4520 D-19 interface cards IPS 4260 installing 4-21 removing 4-21 IPS 4270-20 installing 5-43 removing 5-43 interfaces alternate TCP reset 1-5 command and control 1-5 configuration restrictions 1-12 described 1-4 port numbers 1-4 sensing 1-5, 1-6 slot numbers 1-4 support (table) 1-6 TCP reset 1-11 internal health information in the Diagnostic Panel 5-42 introducing ASA 5500 AIP SSM 8-2 ASA 5585-X IPS SSP 9-2 IPS 4240 3-2 IPS 4255 3-2 IPS 4260 4-2 IPS 4270-20 5-2 IPS 4345 6-2 IPS 4360 6-2 IPS 4510 7-2 IPS 4520 7-2 IPS appliances 1-21 Intrusion Prevention System Device Manager. See IDM. 7-2, 9-2 Intrusion Prevention System Manager Express. See IME. 9-2 Intrusion Prevention System Manager Express. See IME. 7-3 IPS restrictions 1-22 supported appliances 1-19 modules 1-19 tuning 1-3 IPS 4240 7200 series router 3-5 back panel (illustration) 3-3 back panel indicators 3-4 described 3-1, 3-2 features 3-3 front panel illustration 3-3 indicators 3-3 installation 3-8 installing DC power supply 3-10 rack mounting 3-6 specifications 3-4 IPS 4240-DC described 3-10 installing 3-11 IPS 4255 back panel (illustration) 3-3 back panel indicators 3-4 described 3-2 features 3-3 front panel illustration 3-3 indicators 3-3 installing 3-8 rack mounting 3-6 specifications 3-4 IPS 4260 4GE bypass interface card 4-2 accessories kit 4-10 back panel features 4-8 chassis cover removing 4-20 replacing 4-20 described 4-1, 4-2 Ethernet port indicators 4-8 expansion card slots 4-21 features 4-7 front panel indicators 4-7 switches 4-7 grounding lugs 4-17 hardware bypass 4-5 installing 4-17 interface cards 4-21 power supply 4-23 interface naming conventions 4-4 network ports 4-2 password recovery E-8 performance 4-2 power supplies 4-2 power supply indicators 4-9 rack mounting 4-post 4-11 rack-mounting 2-post 4-14 removing interface cards 4-21 power supply 4-23 sensing interfaces 4-2 specifications 4-9 supported interface cards 4-3, 4-4 IPS 4270-20 4GE bypass interface card 5-3 accessories kit 5-16 back panel features 5-10 chassis cover removing 5-40 replacing 5-40 converting cable management arm 5-33 described 5-1, 5-2 Diagnostic Panel accessing 5-42 described 5-14 illustration 5-14 Ethernet port indicators described 5-11 illustration 5-11 expansion card slots 5-43 extending from a rack 5-26 fan connector and indicator (illustration) 5-50 fan indicators 5-50 fans 5-50 features 5-8 front panel indicators 5-9 switches 5-9 front view (illustration) 5-8 hardware bypass 5-6 hot-pluggable power supplies 5-45 installation 5-36 installing cable management arm 5-29 fans 5-50 in a rack 5-18 interface cards 5-43 power supplies 5-45 installing system image D-14 interface naming conventions 5-5 maximum rack depth 5-17 network ports 5-3 password recovery E-8 performance 5-2 power supplies 5-3 power supply indicators 5-11 rack requirements 5-17 rail system kit described 5-16 minimum rack depth 5-17 redundant power supplies 5-45 reimaging D-14 removing interface cards 5-43 power supplies 5-45 sensing interfaces 5-3 shallow rack installation 5-20 specifications 5-15 switches and indicators (illustration) 5-8 T-15 Torx screwdriver 5-46 IPS 4345 back panel features 6-7 back panel features (illustration) 6-7 described 6-2 front panel (llustration) 6-5 front panel indicators described 6-6 indicators 6-6 installation 6-12 installing system image D-16 packing box contents 6-4 password recovery E-8 power supplies 6-15 power supplies (illustration) 6-16 power supply indicator 6-17 rack mounting 6-10 reimaging D-16 specifications 6-2 IPS 4360 AC power supply installing 6-18 removing 6-18 back panel features 6-8 back panel features (illustration) 6-8 connecting DC power supplies 6-22 described 6-2 front panel (illustration) 6-5 front panel indicators described 6-6 indicators 6-6 installation 6-12 installing DC power supplies 6-25 installing system image D-16 packing box contents 6-4 password recovery E-8 power supplies 6-15 power supplies(illustration) 6-16 power supply indicator 6-17 reimaging D-16 removing DC power supplies 6-25 specifications 6-2 IPS 4510 back panel features 7-6 back panel features (illustration) 7-6 cable management brackets described 7-32 installing 7-32 connecting cables 7-11 described 7-2 Ethernet port indicators 7-7 fan modules hot-pluggable 7-18 installing 7-18 OIR 7-18 removing 7-18 front panel indicators described 7-4 illustration 7-4 front panel view 7-3 installing core IPS SSP 7-14 SFP/SFP+ modules 7-12 slide rail kit hardware 7-19 installing system image D-19 Management 0/0 7-11 management port described 7-11 memory requirements 7-10 OIR fan supply modules 7-2 not supported 7-2 power supply modules 7-2 SFP/SFP+ 7-2 packing box contents 7-9 password recovery E-8 power module indicators described 7-7 illustration 7-6 power supply modules installing 7-16 removing 7-16 requirements 7-10 rack mounting 7-29 reimaging D-19 removing core IPS SSP 7-14 SFP ports 7-12 shutting down 7-14 slide rail kit hardware installation 7-19 specifications 7-8 supported SFP+ modules 7-11, 9-9 supported SFP modules 7-11, 9-9 SwitchApp 7-34 IPS 4520 back panel features 7-6 back panel features (illustration) 7-6 cable management brackets described 7-32 installing 7-32 connecting cables 7-11 described 7-2 Ethernet port indicators 7-7 fan modules hot-pluggable 7-18 installing 7-18 OIR 7-18 removing 7-18 front panel indicators described 7-4 illustration 7-4 front panel view 7-3 installing core IPS SSP 7-14 SFP/SFP+ modules 7-12 slide rail kit hardware 7-19 installing system image D-19 Management 0/0 7-11 management port described 7-11 memory requirements 7-10 OIR fan supply modules 7-2 not supported 7-2 power supply modules 7-2 SFP/SFP+ 7-2 packing box contents 7-9 password recovery E-8 power module indicators described 7-7 illustration 7-6 power supply modules installing 7-16 removing 7-16 requirements 7-10 rack mounting 7-29 reimaging D-19 removing core IPS SSP 7-14 SFP ports 7-12 shutting down 7-14 slide rail kit hardware installation 7-19 specifications 7-8 supported SFP+ modules 7-11, 9-9 supported SFP modules 7-11, 9-9 SwitchApp 7-34 two power supply modules 7-16, 7-18 IPS software available files C-1 obtaining C-1 platform-dependent release examples C-6 IPS software file names major updates (illustration) C-4 minor updates (illustration) C-4 patch releases (illustration) C-4 service packs (illustration) C-4 IPS SSP-10 front panel features (illustration) 9-4 IPS SSP-20 front panel features (illustration) 9-4 IPS SSP-40 front panel features (illustration) 9-5 IPS SSP-60 front panel features (illustration) 9-5 IPS SSP in the ASA 5585-X 9-2 IPv6 SPAN ports 1-15 switches 1-15 L license key installing C-12 obtaining C-9 trial C-9 uninstalling C-15 viewing status of C-9 licensing described C-9 IPS device serial number C-9 Licensing pane configuring C-10 described C-9 logging in appliances A-2 ASA 5500 AIP SSM A-4 ASA 5500-X IPS SSP A-5 ASA 5585-X IPS SSP A-6 sensors SSH A-7 Telnet A-7 service role A-1 terminal servers 1-22, A-3, D-13 user role A-1 loose connections on sensors 5-52, 7-33, E-22 M major updates described C-3 Management 0/0 port described 7-11 Management 0/1 described 7-11 manual block to bogus host E-41 master blocking sensor not set up properly E-42 verifying configuration E-42 merging configuration files E-2 MIBs supported E-17 minor updates described C-3 modes IDS 1-1 inline interface pair 1-16 inline VLAN pair 1-17 IPS 1-1 promiscuous 1-15 VLAN groups 1-18 modules ASA 5500 AIP SSM 8-2 ASA 5585-X IPS SSP 9-2 N NTP authenticated 1-23, E-14 described 1-23, E-15 incorrect configuration 1-24, E-15 time synchronization 1-23, E-15 unauthenticated 1-23, E-14 verifying configuration 1-24 O obtaining cryptographic account C-2 IPS software C-1 license key C-9 sensor license C-10 OIR not supported for modules 7-2 supported fan modules 7-2 power supply modules 7-2 SFP/SFP+ 7-2 online insertion and removal. See OIR. 9-2 P password recovery appliances E-8 ASA 5500-X IPS SSP E-9 ASA 5585-X IPS SSP E-11 CLI E-13 described E-7 disabling E-13 displaying setting E-13 GRUB menu E-8 IPS 4260 E-8 IPS 4270-20 E-8 IPS 4345 E-8 IPS 4360 E-8 IPS 4510 E-8 IPS 4520 E-8 platforms E-7 ROMMON E-8 troubleshooting E-14 verifying E-13 patch releases described C-3 performance (IPS 4270-20) 5-2 physical connectivity issues E-29 physical interfaces configuration restrictions 1-12 ports Management 0/0 7-11 Management 0/1 7-11 SFP 7-12 SFP/SFP+ 9-12 power supplies described (IPS 4345) 6-16 describes (IPS 4360) 6-16 illustration (IPS 4345) 6-16 illustration (IPS 4560) 6-16 IPS 4260 installing 4-23 removing 4-23 IPS 4270-20 hot-pluggable 5-45 installing 5-45 redundant 5-45 removing 5-45 power supply guidelines 2-6 power supply indicator IPS 4345 6-17 IPS 4360 6-17 power supply indicators IPS 4260 4-9 IPS 4270-20 5-11 IPS 4510 7-6 IPS 4520 7-6 power supply modules hot-pluggable 7-16 installing (IPS 4510) 7-16 installing (IPS 4520) 7-16 OIR 7-16 redundant configuration 7-16 removing (IPS 4510) 7-16 removing (IPS 4520) 7-16 preparing for appliance installation 2-1 promiscuous mode atomic attacks 1-15 described 1-15 illustration 1-15 packet flow 1-15 SPAN ports 1-15 TCP reset interfaces 1-11 VACL capture 1-15 R rack mounting IPX 4345 6-10 rack-mounting IPS 4260 2-post 4-14 4-post 4-11 IPS 4270-20 extension 5-26 installation 5-18 requirements 5-17 IPS 4510 7-29 IPS 4520 7-29 racks airflow requirements 5-17 space requirements 5-17 rail system maximum rack depth 5-17 minimum rack depth 5-17 rack hole-types (illustration) 5-16 round holes 5-16 square holes 5-16 threaded holes 5-16 rail system kit cable management arm 5-29, 5-32 contents 5-17 IPS 4270-20 5-16 required tools 5-17 recover command D-11 recovering ASA 5500 AIP SSM E-59 recovering the application partition image D-11 recovery partition upgrade D-6 reimaging ASA 5500-X IPS SSP D-22 ASA 5585-X IPS SSP D-23 described D-2 IPS 4270-20 D-14 IPS 4345 D-16 IPS 4360 D-16 IPS 4510 D-19 IPS 4520 D-19 sensors D-2, D-11 removing ASA 5500 AIP SSM 8-7 ASA 5585-X IPS SSP 9-13 chassis cover (IPS 4260) 4-20 chassis cover (IPS 4270-20) 5-40 DC power supply (IPS 4360) 6-25 last applied service pack D-10 signature update D-10 replacing chassis cover IPS 4260 4-20 IPS 4270-20 5-40 requirements ASA 5500 AIP SSM 8-4 ASA 5585-X IPS SSP 9-4 racks airflow 5-17 space 5-17 reset not occurring for a signature E-50 resetting ASA 5500 AIP SSM E-58 passwords ASDM E-11, E-12 hw-module command E-11 sw-module command E-9 resetting the password ASA 5500-X IPS SSP E-9 ASA 5585-X IPS SSP E-11 restoring the current configuration E-4 RJ-45 to DB-9 cable pinouts F-3 ROMMON ASA 5585-X IPS SSP D-25 described D-12 IPS 4270-20 D-14 IPS 4345 D-16, E-8 IPS 4360 D-16, E-8 IPS 4510 D-19, E-8 IPS 4520 D-19, E-8 password recovery E-8 remote sensors D-12 serial console port D-12 TFTP D-13 round-trip time. See RTT. RTT described D-13 TFTP limitation D-13 S scheduling automatic upgrades D-8 security information on Cisco Security Intelligence Operations C-8 sensing interfaces Analysis Engine 1-6 described 1-6 interface cards 1-6 modes 1-6 sensor license installing C-10 obtaining C-10 sensors access problems E-24 application partition image D-11 ASA 5500 AIP SSM 8-2 asymmetric traffic and disabling anomaly detection E-18 capturing traffic 1-1 command and control interfaces (list) 1-5 comprehensive deployment 1-1 Comprehensive Deployment Solutions (illustration) 1-1 corrupted SensorApp configuration E-34 disaster recovery E-6 downgrading D-10 electrical guidelines 2-3 IDS mode 1-1 incorrect NTP configuration 1-24, E-15 initializing B-1, B-4 interface support 1-6 IP address conflicts E-26 IPS mode 1-1 IPS tuning tips 1-3 logging in SSH A-7 Telnet A-7 loose connections 5-52, 7-33, E-22 misconfigured access lists E-26 models 1-19 network topology 1-3 no alerts E-31, E-56 not seeing packets E-32 NTP time synchronization 1-23, E-15 physical connectivity E-29 power supply guidelines 2-6 preventive maintenance E-2 reimaging D-2 sensing process not running E-28 setup command B-1, B-4, B-8 site guidelines 2-5 supported 1-19 TCP reset 1-2 time sources 1-23, E-14 troubleshooting software upgrades E-53 upgrading D-4 service account accessing E-5 cautions E-5 creating E-5 described E-5 service packs described C-3 service role A-1 session command ASA 5500 AIP SSM A-4 ASA 5500-X IPS SSP A-5 ASA 5585-X IPS SSP A-6 sessioning in ASA 5500 AIP SSM A-4 ASA 5500-X IPS SSP A-5 ASA 5585-X IPS SSP A-6 setting up terminal servers 1-22, A-3, D-13 setup automatic B-2 command B-1, B-4, B-8, B-13, B-17, B-21 simplified mode B-2 SFP+ modules described 7-10, 9-9 supported (table) 7-11, 9-9 SFP+ modules described 9-4 SFP/SFP+ port (illustration) 9-12 SFP modules described 7-10, 9-4, 9-9 supported (table) 7-11, 9-9 SFP port (illustration) 7-12 shallow rack installation (IPS 4270-20) 5-20 show events command E-102 show health command E-81 show interfaces command E-100 show module 1 details command E-58, E-64, E-76 show settings command E-13 show statistics command E-88, E-89 show statistics virtual-sensor command E-23, E-89 show tech-support command E-82 show version command E-86 signature engine update files described C-5 signatures TCP reset E-50 update files C-4 site guidelines for sensor installation 2-5 SNMP supported MIBs E-17 software bypass supported configurations 4-5, 5-6 with hardware bypass 4-5, 5-6 software downloads Cisco.com C-1 software file names recovery (illustration) C-5 signature/virus updates (illustration) C-4 signature engine updates (illustration) C-5 system image (illustration) C-5 software release examples platform-dependent C-6 platform identifiers C-7 platform-independent C-6 software updates supported FTP servers D-2 supported HTTP/HTTPS servers D-2 SPAN appliances 1-21 port issues E-29 specifications ASA 5500 AIP SSM 8-4 IPS 4240 3-4 IPS 4255 3-4 IPS 4260 4-9 IPS 4270-20 5-15 IPS 4345 6-2 IPS 4360 6-2 IPS 4510 7-8 IPS 4520 7-8 SSP-10 components 9-2 described 9-2 SSP-20 components 9-3 described 9-3 SSP-40 components 9-3 described 9-3 SSP-60 components 9-3 described 9-3 SSP in slot 2 9-9 statistic display E-89 subinterface 0 described 1-18 supported FTP servers D-2 HTTP/HTTPS servers D-2 SwitchApp described 7-34 Switched Port Analyzer see SPAN switches and TCP reset interfaces 1-12 sw-module module slot_number password-reset command E-9 System Configuration Dialog described B-2 example B-2 system images installing ASA 5500-X IPS SSP D-22 ASA 5585-X IPS SSP D-23 IPS 4270-20 D-14 IPS 4345 D-16 IPS 4360 D-16 IPS 4510 D-19 IPS 4520 D-19 T T-15 Torx screwdriver (IPS 4270-20) 5-46 TAC service account E-5 show tech-support command E-82 TCP reset interfaces conditions 1-12 described 1-11 list 1-11 promiscuous mode 1-11 switches 1-12 TCP resets not occurring E-50 signature actions 1-2 tech support information display E-82 terminal server setup 1-22, A-3, D-13 testing fail-over 4-5, 5-6 TFTP servers recommended UNIX D-13 Windows D-13 RTT D-13 time correction on the sensor 1-24, E-16 sensors 1-23, E-14 time sources appliances 1-23, E-15 ASA 5500-X IPS SSP 1-23, E-15 ASA 5585-X IPS SSP 1-23, E-15 trial license key C-9 troubleshooting E-1 Analysis Engine busy E-55 applying software updates E-52 ARC blocking not occurring for signature E-41 device access issues E-39 enabling SSH E-41 inactive state E-37 misconfigured master blocking sensor E-42 verifying device interfaces E-40 ASA 5500 AIP SSM commands E-58 debugging E-59 failover scenarios E-60 recovering E-59 reset E-58 ASA 5500-X IPS SSP commands E-64 failover scenarios E-63 ASA 5585-X IPS SSP commands E-76 failover scenarios E-74 traffic flow stopped E-76 automatic updates E-52 cannot access sensor E-24 cidDump E-105 cidLog messages to syslog E-49 communication E-23 corrupted SensorApp configuration E-34 debug logger zone names (table) E-48 debug logging E-44 Diagnostic Panel (IPS 4270-20) 5-42 disaster recovery E-6 duplicate sensor IP addresses E-26 enabling debug logging E-44 external product interfaces E-21 gathering information E-80 global correlation E-18 IDM cannot access sensor E-55 will not load E-54 IME time synchronization E-57 IPS clock time drift 1-23, E-15 manual block to bogus host E-41 misconfigured access list E-26 no alerts E-31, E-56 NTP E-50 password recovery E-14 physical connectivity issues E-29 preventive maintenance E-2 reset not occurring for a signature E-50 sensing process not running E-28 sensor events E-102 sensor loose connections 5-52, 7-33, E-22 sensor not seeing packets E-32 sensor software upgrade E-53 service account E-5 show events command E-101 show interfaces command E-100 show statistics command E-88 show tech-support command E-82, E-83 show version command E-85, E-86 software upgrades E-51 SPAN port issue E-29 upgrading E-51 verifying Analysis Engine is running E-19 verifying ARC status E-36 tuning IPS 1-3 tips 1-3 U unassigned VLAN groups described 1-18 unauthenticated NTP 1-23, E-14 uninstalling the license key C-15 upgrade command D-3, D-6 upgrade notes and caveatsu(pgrading IPS software) D-1 upgrading application partition D-11 latest version E-51 recovery partition D-6 sensors D-4 upgrading IPS software (upgrade notes and caveats) D-1 URLs for Cisco Security Intelligence Operations C-8 using debug logging E-44 TCP reset interfaces 1-12 V verifying ASA 5585-X IPS SSP installation 9-13 NTP configuration 1-24 password recovery E-13 sensor initialization B-25 sensor setup B-25 version display E-86 viewing license key status C-9 virtualization advantages E-16 restrictions E-17 supported sensors E-17 traffic capture requirements E-17 VLAN groups 802.1q encapsulation 1-18 configuration restrictions 1-14 deploying 1-18 described 1-18 switches 1-18 W warning circuit breaker 6-20 exposed DC wire 6-22
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks