Cisco Cisco Expressway Maintenance Manual
■
Addresses are blocked against only the peer on which the access failures occurred. This means that if an
address is blocked against one peer it may still be able to attempt to access another peer (from which it may
too become blocked).
address is blocked against one peer it may still be able to attempt to access another peer (from which it may
too become blocked).
■
A blocked address can only be unblocked for the current peer. If an address is blocked by another peer, you
must log in to that peer and then unblock it.
must log in to that peer and then unblock it.
■
Category settings and the exemption list are applied across the cluster.
■
The statistics displayed on the Automated detection overview page are for the current peer only.
Additional Information
■
When a host address is blocked and tries to access the system, the request is dropped (the host receives no
response).
response).
■
A host address can be blocked simultaneously for multiple categories, but may not necessarily be blocked by
all categories. Those blocks may also expire at different times.
all categories. Those blocks may also expire at different times.
■
When an address is unblocked (either manually or after its block duration expires), it has to fail again for the
full number of times as specified by the category's trigger level before it will be blocked for a second time by
that category.
full number of times as specified by the category's trigger level before it will be blocked for a second time by
that category.
■
A category is reset whenever it is enabled. All categories are reset if the system is restarted or if the
automated protection service is enabled at the system level. When a category is reset:
automated protection service is enabled at the system level. When a category is reset:
—
Any currently blocked addresses are unblocked.
—
Its running totals of failures and blocks are reset to zero.
■
You can view all Event Log entries associated with the automated protection service by clicking View all
intrusion protection events on the Automated detection overview page.
intrusion protection events on the Automated detection overview page.
Network Services
Configuring System Name and Access Settings
The System administration page (System > Administration) is used to configure the name of the Expressway and
the means by which it is accessed by administrators.
the means by which it is accessed by administrators.
System Settings
System name
The System name is used to identify the Expressway. It appears in various places in the web interface, and in the
display on the front panel of the unit (so that you can identify it when it is in a rack with other systems). The System
name is also used by Cisco TMS.
display on the front panel of the unit (so that you can identify it when it is in a rack with other systems). The System
name is also used by Cisco TMS.
We recommend that you give the Expressway a name that allows you to easily and uniquely identify it.
Ephemeral port range
You can specify the Ephemeral port range start and end values. This defines the port range to use for ephemeral
outbound connections not otherwise constrained by Expressway call processing.
outbound connections not otherwise constrained by Expressway call processing.
The default range is 30000 to 35999.
Administration Access Settings
While you can administer the Expressway via a PC connected directly to the unit via a serial cable, you may want to
access the system remotely over IP. You can do this using either the web interface (via HTTPS) or through a
command line interface (via SSH).
access the system remotely over IP. You can do this using either the web interface (via HTTPS) or through a
command line interface (via SSH).
The configurable options are:
26
Cisco Expressway Administrator Guide