Sensor Setup Window
TIn the Sensor Setup window, you can configure the sensor for basic operation. Most of the fields will already be populated because you assigned the values during initialization. But you can change them here if needed.
Field Definitions
The following fields are found in the Sensor Setup window:
- Network Settings—Lets you set the network settings of the sensor:
– Host Name—Specifies the name of the sensor. The hostname can be a string of 1 to 64 characters that matches the pattern ^[A-Za-z0-9_/-]+$. The default is sensor. You receive an error message if the name contains a space or exceeds 64 alphanumeric characters.
– IP Address—Specifies the IP address of the sensor. The default is 192.168.1.2.
– Subnet Mask—Specifies the mask corresponding to the IP address. The default is 255.255.255.0.
– Gateway—Specifies the default gateway address. The default is 192.168.1.1.
– HTTP Proxy Server—Lets you enter an HTTP proxy server IP address. You may need proxy servers to download global correlation updates if customer networks use proxy in their networks.
– HTTP Proxy Port—Lets you enter the port number for the HTTP proxy server.
– DNS Primary—Lets you enter the primary DNS server IP address.
Caution For global correlation to function, you must have either a DNS server or an HTTP proxy server configured at all times.
Caution DNS resolution is supported only for accessing the global correlation update server.
- Allowed hosts/networks that can access the sensor—Lets you add ACLs:
– Network—Specifies the IP address of the network you want to add to the access list.
– Mask—Specifies the netmask of the network you want to add to the access list.
Note If you change the sensor ACL entries, the IME may lose connection to the sensor when the changes are applied.
- Network Participation—Lets you chose to participate in sending data to the SensorBase Network and at which level you want to participate:
– Off—No data is contributed to the SensorBase Network.
– Partial—Data is contributed to the SensorBase Network, but data considered potentially sensitive is filtered out and never sent.
– Full—All data is contributed to the SensorBase Network.
Configuring Sensor Settings
To configure sensor settings in the Startup Wizard, follow these steps:
Step 1
Log in to the IME using an account with administrator privileges.
Step 2 Choose Configuration > sensor_name > Sensor Setup > Startup Wizard > Launch Startup Wizard , and then click Next .
Step 3 In the Host Name field, enter the sensor name.
Step 4 In the IP Address field, enter the sensor IP address.
Step 5 In the Subnet Mask field, enter the network mask address.
Step 6 In the Gateway field, enter the default gateway address.
Note If you change the sensor network settings, the IME loses connection to the sensor when the changes are applied.
Step 7 To configure either an HTTP proxy server or a DNS server to support global correlation, enter the HTTP proxy server IP address in the HTTP Proxy Server field and the port number in the HTTP Proxy Port field, or enter the DNS server IP address in the DNS Primary field. If you do not want to turn on global correlation, click OK on the following Warning dialog box:
Global correlation requires either an HTTP proxy server or at least one DNS server.
If you are using a DNS server, you must configure at least one DNS server and it must be reachable for global correlation updates to be successful. You can configure other DNS servers as backup servers. DNS queries are sent to the first server in the list. If it is unreachable, DNS queries are sent to the next configured DNS server.
Caution For global correlation to function, you must have either a DNS server or an HTTP proxy server configured at all times.
Caution DNS resolution is supported only for accessing the global threat correlation update server.
Step 8 To configure the hosts and networks that are allowed to access the sensor, click Add :
a. In the IP Address field, enter the IP address of the host you want to have access to the sensor.
b. In the Network Mask field, enter the network mask address of the host you want to have access to the sensor.
c. Click OK .
Tip To discard your changes and close the Add ACL Entry dialog box, click Cancel.
Step 9 To enable network participation, select the degree of network participation that you want:
- Off—No data is contributed to the SensorBase Network.
- Partial—Data is contributed to the SensorBase Network, but data considered potentially sensitive is filtered out and never sent.
- Full—All data is contributed to the SensorBase Network.
Note The default is Off. If you chose Partial or Full, you must agree to the Network Participation Disclaimer.
Tip To discard your changes and close the Sensor Setup window, click Cancel.
Step 10 Click Next to continue to the next Setup window.
Step 11 Under Current Sensor Date and Time, select the current date and time from the drop-down calendar, and then click OK , and then click Apply Date/Time to Sensor . Date and time indicate the date and time on the local host.
Caution If you accidentally specify the incorrect time, stored events have the wrong time stamp. You must clear the events.
Note If you cancel the Startup Wizard, the date and time changes remain.
Note You cannot change the date or time on IPS modules or if you have configured NTP.
Step 12 Under Time Zone, configure the time zone and offset:
a. In the Zone Name field, choose a time zone from the drop- down list, or enter one that you have created. This is the time zone to be displayed when summertime hours are not in effect.
b. In the Offset field, enter the offset in minutes from UTC. If you choose a predefined time zone name, this field is automatically populated.
Note Changing the time zone offset requires the sensor to reboot.
Step 13 If you are using NTP synchronization, under NTP Server enter the following:
- The IP address of the NTP server in the IP Address field.
- If using authenticated NTP, check the Authenticated NTP check box, and then enter the key of the NTP server in the Key field, and the key ID of the NTP server in the Key ID field.
Note If you define an NTP server, the sensor time is set by the NTP server. The CLI clock set command produces an error, but time zone and daylight saving time parameters are valid.
Step 14 To enable daylight saving time, check the Enable Summertime check box, and then click Configure Summertime .
Step 15 Choose the Summer Zone Name from the drop-down list or enter one that you have created. This is the name to be displayed when daylight saving time is in effect.
Step 16 In the Offset field, enter the number of minutes to add during summertime. If you choose a predefined summer zone name, this field is automatically populated.
Step 17 In the Start Time field, enter the time to apply summertime settings.
Step 18 In the End Time field, enter the time to remove summertime settings.
Step 19 Under Summertime Duration, choose whether summertime settings will occur on specified days each year (recurring) or whether they will start and end on specific dates (date):
a. Recurring—Choose the Start and End times from the drop-down lists. The default is the second Sunday in March and the first Sunday in November.
b. Date—Choose the Start and End time from the drop-down lists. The default is January 1 for the start and end time.
Step 20 Click OK .
Tip To discard your changes, click Cancel.
Step 21 Click Next to continue through the Startup Wizard.
Note Changing the network settings may disrupt your connection to the sensor and force you to reconnect with the new address.