Cisco Cisco Firepower Management Center 4000 Installation Guide
5-6
Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
Chapter 5 Managing Cisco NGIPS for Blue Coat X-Series
Changing Application Monitoring Status
To change the Unique NAT
ID:
Step 1
From the Configuration Menu, select
4 Configure the NAT ID
to change the Unique NAT ID.
Step 2
When prompted, enter the unique NAT ID.
If there are multiple VAPs in the VAP group, enter the NAT ID for each VAP in the VAP group.
Step 3
From the Configuration Menu, select
5 Exit
to quit.
Changing Application Monitoring Status
Application monitoring tracks whether your VAPs are running and halts load balancing of new flows to
VAPs with failed VAPs.
VAPs with failed VAPs.
If application monitoring is enabled (the default) for a VAP group, the operational state for a VAP can
be either
be either
up
or
down
. An operational state of
up
indicates that all the VAP are running. With application
monitoring enabled, an operational state of
down
indicates that at least one of the VAP has failed, or that
Cisco NGIPS for Blue Coat X-Series running on the VAP group was stopped manually.
If application monitoring is disabled, the X-Series platform displays the operational state as
Not
Monitored
and sends flows to the VAP, regardless of the actual operational state.
You may want to disable application monitoring in a few situations, including:
•
deployments where you are using more than one interface per VAP
In this situation, if you disable application monitoring and an interface fails, the X-Series platform
continues to send flows to the VAP and the other interfaces on the VAP can continue their analysis.
However, note that flows directed to the failed interface will not be analyzed.
continues to send flows to the VAP and the other interfaces on the VAP can continue their analysis.
However, note that flows directed to the failed interface will not be analyzed.
On the other hand, if you are taking advantage of the load balancing and redundancy benefits of the
X-Series platform by deploying intrusion prevention on multiple identically-configured VAPs, you
may want to leave application monitoring enabled. You may experience some packet loss as old
flows directed to the degraded VAP time out, but the X-Series platform will load-balance new flows
to the other VAPs in the VAP group.
X-Series platform by deploying intrusion prevention on multiple identically-configured VAPs, you
may want to leave application monitoring enabled. You may experience some packet loss as old
flows directed to the degraded VAP time out, but the X-Series platform will load-balance new flows
to the other VAPs in the VAP group.
•
if you have deployed Cisco NGIPS for Blue Coat X-Series inline, and you need to stop the
application on the VAP group
application on the VAP group
This avoids the situation where the X-Series platform halts traffic to the VAP group when you stop
the application. Halting traffic in an inline deployment can cause a network outage.
the application. Halting traffic in an inline deployment can cause a network outage.
To check and change application monitoring status:
Step 1
Check the application monitoring state by entering the following command:
show vap
-
group vap_group_name
where
vap_group_name
is the name of the VAP group where Cisco NGIPS for Blue Coat X-Series is
installed.
Locate
Application Monitoring (true/false):
near the bottom of the output and ensure that state is
:
t
(for true)
Step 2
If application monitoring is disabled and you to enable it, enter the command:
configure vap-group vap_group_name application-monitor
Step 3
If application monitoring is enabled and you to disable it, enter the command:
configure vap-group vap_group_name no application-monitor