Manual De UsuarioTabla de contenidosCisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.11About This Guide15Contents15Audience15Comply with Local and National Electrical Codes16Organization17Conventions18Related Documentation18Obtaining Documentation and Submitting a Service Request19Introducing the Sensor21Contents21How the Sensor Functions21Capturing Network Traffic21Your Network Topology23Correctly Deploying the Sensor23Tuning the IPS23Sensor Interfaces24Understanding Sensor Interfaces24Command and Control Interface25Sensing Interfaces26Interface Support26TCP Reset Interfaces31Interface Restrictions32Interface Modes34Promiscuous Mode35IPv6, Switches, and Lack of VACL Capture35Inline Interface Pair Mode36Inline VLAN Pair Mode37VLAN Group Mode38Deploying VLAN Groups38Supported Sensors39IPS Appliances40Introducing the IPS Appliance41Appliance Restrictions42Connecting an Appliance to a Terminal Server42Time Sources and the Sensor43The Sensor and Time Sources43Synchronizing IPS Module System Clocks with the Parent Device System Clock43Verifying the Sensor is Synchronized with the NTP Server44Correcting the Time on the Sensor44Preparing the Appliance for Installation47Installation Preparation47Safety Recommendations48Safety Guidelines48Electricity Safety Guidelines48Preventing Electrostatic Discharge Damage49Working in an ESD Environment50General Site Requirements51Site Environment51Preventive Site Configuration51Power Supply Considerations52Configuring Equipment Racks52Installing the IPS 4240 and IPS 425553Contents53Installation Notes and Caveats53Product Overview54Front and Back Panel Features55Specifications56Connecting the IPS 4240 to a Cisco 7200 Series Router57Accessories57Rack Mounting58Installing the IPS 4240 and IPS 425559Installing the IPS 4240-DC62Installing the IPS 426067Contents67Installation Notes and Caveats67Product Overview68Supported Interface Cards69Hardware Bypass704GE Bypass Interface Card71Hardware Bypass Configuration Restrictions71Hardware Bypass and Link Changes and Drops72Front and Back Panel Features73Specifications75Accessories76Rack Mounting76Installing the IPS 4260 in a 4-Post Rack77Installing the IPS 4260 in a 2-Post Rack80Installing the IPS 426082Removing and Replacing the Chassis Cover85Installing and Removing Interface Cards87Installing and Removing the Power Supply89Installing the IPS 4270-2093Contents93Installation Notes and Caveats93Product Overview94Supported Interface Cards96Hardware Bypass974GE Bypass Interface Card98Hardware Bypass Configuration Restrictions98Hardware Bypass and Link Changes and Drops99Front and Back Panel Features100Diagnostic Panel106Specifications107Accessories108Installing the Rail System Kit108Understanding the Rail System Kit108Rail System Kit Contents109Space and Airflow Requirements109Installing the IPS 4270-20 in the Rack110Extending the IPS 4270-20 from the Rack118Installing the Cable Management Arm120Converting the Cable Management Arm124Installing the IPS 4270-20127Removing and Replacing the Chassis Cover131Accessing the Diagnostic Panel134Installing and Removing Interface Cards135Installing and Removing the Power Supply137Installing and Removing Fans142Troubleshooting Loose Connections144Installing the IPS 4345 and IPS 4360145Contents145Installation Notes and Caveats145Product Overview146Specifications146Accessories148Front and Back Panel Features149Rack Mount Installation153Rack-Mounting Guidelines153Installing the IPS 4345 in a Rack154Mounting the IPS 4345 and IPS 4360 in a Rack with the Slide Rail Mounting System155Installing the Appliance on the Network156Removing and Installing the Power Supply159Understanding the Power Supplies159Removing and Installing the AC Power Supply161Installing DC Input Power164Removing and Installing the DC Power Supply169Installing the IPS 4510 and IPS 4520171Contents171Installation Notes and Caveats171Product Overview172Front and Back Panel Features173Specifications178Accessories179Memory Configurations180Power Supply Module Requirements180Supported SFP/SFP+ Modules180Installing the IPS 4510 and IPS 4520181Removing and Installing the Core IPS SSP184Removing and Installing the Power Supply Module186Removing and Installing the Fan Module188Installing the Slide Rail Kit Hardware189Installing and Removing the Slide Rail Kit190Package Contents191Installing the Chassis in the Rack191Removing the Chassis from the Rack197Rack-Mounting the Chassis Using the Fixed Rack Mount199Installing the Cable Management Brackets202Troubleshooting Loose Connections203IPS 4500 Series Sensors and the SwitchApp204Installing and Removing the ASA 5500 AIP SSM205Contents205Installation Notes and Caveats205Product Overview206Specifications208Memory Specifications208Hardware and Software Requirements208Indicators209Installation and Removal Instructions209Installing the ASA 5500 AIP SSM209Verifying the Status of the ASA 5500 AIP SSM211Removing the ASA 5500 AIP SSM211Installing and Removing the ASA 5585-X IPS SSP213Contents213Installation Notes and Caveats213Introducing the ASA 5585-X IPS SSP214Specifications215Hardware and Software Requirements216Front Panel Features216Memory Requirements220SFP/SFP+ Modules221Installing the ASA 5585-X IPS SSP221Installing SFP/SFP+ Modules223Verifying the Status of the ASA 5585-X IPS SSP224Removing and Replacing the ASA 5585-X IPS SSP225Logging In to the Sensor229Contents229Supported User Roles229Logging In to the Appliance230Connecting an Appliance to a Terminal Server231Logging In to the ASA 5500 AIP SSP232Logging In to the ASA 5500-X IPS SSP233Logging In to the ASA 5585-X IPS SSP234Logging In to the Sensor235Initializing the Sensor237Contents237Understanding Initialization237Simplified Setup Mode238System Configuration Dialog238Basic Sensor Setup240Advanced Setup243Advanced Setup for the Appliance243Advanced Setup for the ASA 5500 AIP SSM249Advanced Setup for the ASA 5500-X IPS SSP253Advanced Setup for the ASA 5585-X IPS SSP257Verifying Initialization260Obtaining Software263Contents263Obtaining Cisco IPS Software263IPS 7.1 Files264IPS Software Versioning265IPS Software Release Examples268Accessing IPS Documentation269Cisco Security Intelligence Operations270Obtaining a License Key From Cisco.com270Understanding Licensing271Service Programs for IPS Products271Obtaining and Installing the License Key Using the IDM or the IME272Obtaining and Installing the License Key Using the CLI273Obtaining a License for the IPS 4270-20276Licensing the ASA 5500-X IPS SSP277Uninstalling the License Key277Upgrading, Downgrading, and Installing System Images279Contents279System Image Notes and Caveats279Upgrades, Downgrades, and System Images280Supported FTP and HTTP/HTTPS Servers280Upgrading the Sensor281IPS 7.1 Upgrade Files281Upgrade Notes and Caveats281Manually Upgrading the Sensor281Upgrading the Recovery Partition284Configuring Automatic Upgrades284Understanding Automatic Upgrades285Automatically Upgrading the Sensor285Downgrading the Sensor288Recovering the Application Partition289Installing System Images290ROMMON290TFTP Servers291Connecting an Appliance to a Terminal Server291Installing the IPS 4270-20 System Image292Installing the IPS 4345 and IPS 4360 System Images294Installing the IPS 4510 and IPS 4520 System Image297Installing the ASA 5500-X IPS SSP System Image299Installing the ASA 5585-X IPS SSP System Image301Installing the ASA 5585-X IPS SSP System Image Using the hw-module Command301Installing the ASA 5585-X IPS SSP System Image Using ROMMON303Troubleshooting307Contents307Preventive Maintenance307Understanding Preventive Maintenance308Creating and Using a Backup Configuration File308Backing Up and Restoring the Configuration File Using a Remote Server309Creating the Service Account311Disaster Recovery312Recovering the Password313Understanding Password Recovery313Recovering the Password for the Appliance314Using the GRUB Menu314Using ROMMON314Recovering the ASA 5500-X IPS SSP Password315Recovering the ASA 5585-X IPS SSP Password317Disabling Password Recovery319Verifying the State of Password Recovery319Troubleshooting Password Recovery320Time Sources and the Sensor320Time Sources and the Sensor320Synchronizing IPS Module Clocks with Parent Device Clocks321Verifying the Sensor is Synchronized with the NTP Server321Correcting Time on the Sensor322Advantages and Restrictions of Virtualization322Supported MIBs323When to Disable Anomaly Detection324Troubleshooting Global Correlation324Analysis Engine Not Responding325Troubleshooting External Product Interfaces326External Product Interfaces Issues326External Product Interfaces Troubleshooting Tips327Troubleshooting the Appliance327The Appliance and Jumbo Packet Frame Size328Hardware Bypass and Link Changes and Drops328Troubleshooting Loose Connections328Analysis Engine is Busy329Communication Problems329Cannot Access the Sensor CLI Through Telnet or SSH330Correcting a Misconfigured Access List332Duplicate IP Address Shuts Interface Down332The SensorApp and Alerting334The SensorApp Is Not Running334Physical Connectivity, SPAN, or VACL Port Issue335Unable to See Alerts337Sensor Not Seeing Packets338Cleaning Up a Corrupted SensorApp Configuration340Blocking341Troubleshooting Blocking341Verifying ARC is Running342Verifying ARC Connections are Active343Device Access Issues345Verifying the Interfaces and Directions on the Network Device346Blocking Not Occurring for a Signature347Verifying the Master Blocking Sensor Configuration348Logging350Enabling Debug Logging350Zone Names354Directing cidLog Messages to SysLog355TCP Reset Not Occurring for a Signature356Software Upgrades357Upgrading and Analysis Engine357Which Updates to Apply and Their Prerequisites358Issues With Automatic Update358Updating a Sensor with the Update Stored on the Sensor359Troubleshooting the IDM360Cannot Launch IDM - Loading Java Applet Failed360Cannot Launch the IDM-the Analysis Engine Busy361The IDM, Remote Manager, or Sensing Interfaces Cannot Access the Sensor361Signatures Not Producing Alerts362Troubleshooting the IME362Time Synchronization on the IME and the Sensor363Not Supported Error Message363Troubleshooting the ASA 5500 AIP SSM363Health and Status Information364Failover Scenarios366The ASA 5500 AIP SSM and the Normalizer Engine367The ASA 5500 AIP SSM and the Data Plane368The ASA 5500 AIP SSM and Jumbo Packet Frame Size368The ASA 5500 AIP SSM and Jumbo Packets368TCP Reset Differences Between IPS Appliances and ASA IPS Modules368Troubleshooting the ASA 5500-X IPS SSP369Failover Scenarios369Health and Status Information370The ASA 5500-X IPS SSP and the Normalizer Engine378The ASA 5500-X IPS SSP and Memory Usage379The ASA 5500-X IPS SSP and Jumbo Packet Frame Size379The ASA 5500-X IPS SSP and Jumbo Packets379TCP Reset Differences Between IPS Appliances and ASA IPS Modules380Troubleshooting the ASA 5585-X IPS SSP380Failover Scenarios380Traffic Flow Stopped on IPS Switchports382Health and Status Information382The ASA 5585-X IPS SSP and the Normalizer Engine385The ASA 5585-X IPS SSP and Jumbo Packet Frame Size386The ASA 5585-X IPS SSP and Jumbo Packets386Gathering Information386Health and Network Security Information387Tech Support Information388Understanding the show tech-support Command388Displaying Tech Support Information388Tech Support Command Output389Version Information391Understanding the show version Command392Displaying Version Information392Statistics Information394Understanding the show statistics Command394Displaying Statistics395Interfaces Information406Understanding the show interfaces Command406Interfaces Command Output407Events Information407Sensor Events408Understanding the show events Command408Displaying Events408Clearing Events411cidDump Script411Uploading and Accessing Files on the Cisco FTP Site412Cable Pinouts413Contents41310/100BaseT and 10/100/1000BaseT Connectors413Console Port (RJ-45)414RJ-45 to DB-9 or DB-25415Glossary417Index443Tamaño: 20 MBPáginas: 460Language: EnglishManuales abiertas