Installation Guide
Page 1
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-18504-01
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-18504-01
Installation Guide
Page 2
... This equipment has been tested and found to comply with the instruction manual, may cause harmful interference to provide reasonable protection against harmful interference in a particular installation. Any examples, command display output, and figures included in the U.S. ALL ... with the limits for illustrative purposes only. and other company. (1110R) Any Internet Protocol (IP) addresses used in a commercial environment. Cisco Intrusion Prevention System Appliance and Module Installation Guide for FCC compliance of the following information is unintentional and...
... This equipment has been tested and found to comply with the instruction manual, may cause harmful interference to provide reasonable protection against harmful interference in a particular installation. Any examples, command display output, and figures included in the U.S. ALL ... with the limits for illustrative purposes only. and other company. (1110R) Any Internet Protocol (IP) addresses used in a commercial environment. Cisco Intrusion Prevention System Appliance and Module Installation Guide for FCC compliance of the following information is unintentional and...
Installation Guide
Page 3
... the Sensor 1-1 How the Sensor Functions 1-1 Capturing Network Traffic 1-1 Your Network Topology 1-3 Correctly Deploying the Sensor 1-3 Tuning the IPS 1-3 Sensor Interfaces 1-4 Understanding Sensor Interfaces 1-4 Command and Control Interface 1-5 Sensing Interfaces 1-6 Interface Support 1-6 TCP Reset Interfaces 1-9 Interface... Mode 1-15 Deploying VLAN Groups 1-16 Supported Sensors 1-17 IPS Appliances 1-18 Introducing the IPS Appliance 1-18 Appliance Restrictions 1-19 Connecting an Appliance to a Terminal Server 1-19 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
... the Sensor 1-1 How the Sensor Functions 1-1 Capturing Network Traffic 1-1 Your Network Topology 1-3 Correctly Deploying the Sensor 1-3 Tuning the IPS 1-3 Sensor Interfaces 1-4 Understanding Sensor Interfaces 1-4 Command and Control Interface 1-5 Sensing Interfaces 1-6 Interface Support 1-6 TCP Reset Interfaces 1-9 Interface... Mode 1-15 Deploying VLAN Groups 1-16 Supported Sensors 1-17 IPS Appliances 1-18 Introducing the IPS Appliance 1-18 Appliance Restrictions 1-19 Connecting an Appliance to a Terminal Server 1-19 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
Installation Guide
Page 4
... the IPS 4255 2-1 Introducing the IPS 4240 and the IPS 4255 2-1 Front and Back Panel Features 2-2 Specifications 2-4 Connecting the IPS 4240 to a Cisco 7200 Series Router 2-5 Accessories 2-5 Important Safety Instructions 2-5 Rack Mounting 2-6 Installing the IPS 4240 and the IPS 4255 2-7 Installing the IPS 4240-DC 2-10 3 C H A P T E R Installing the IPS 4260 3-1 Introducing the IPS 4260 3-1 Supported Interface Cards 3-2 Hardware Bypass 3-4 4GE Bypass Interface Card 3-4 Cisco Intrusion...
... the IPS 4255 2-1 Introducing the IPS 4240 and the IPS 4255 2-1 Front and Back Panel Features 2-2 Specifications 2-4 Connecting the IPS 4240 to a Cisco 7200 Series Router 2-5 Accessories 2-5 Important Safety Instructions 2-5 Rack Mounting 2-6 Installing the IPS 4240 and the IPS 4255 2-7 Installing the IPS 4240-DC 2-10 3 C H A P T E R Installing the IPS 4260 3-1 Introducing the IPS 4260 3-1 Supported Interface Cards 3-2 Hardware Bypass 3-4 4GE Bypass Interface Card 3-4 Cisco Intrusion...
Installation Guide
Page 5
...Replacing the Chassis Cover 3-18 Installing and Removing Interface Cards 3-20 Installing and Removing the Power Supply 3-22 Installing the IPS 4270-20 4-1 Introducing the IPS 4270-20 4-2 Supported Interface Cards 4-3 Hardware Bypass 4-5 4GE Bypass Interface Card 4-5 Hardware Bypass Configuration Restrictions 4-6 Hardware ... Extending the IPS 4270-20 from the Rack 4-25 Installing the Cable Management Arm 4-28 Converting the Cable Management Arm 4-31 Installing the IPS 4270-20 4-35 Removing and Replacing the Chassis Cover 4-38 Accessing the Diagnostic Panel 4-41 Cisco Intrusion Prevention System ...
...Replacing the Chassis Cover 3-18 Installing and Removing Interface Cards 3-20 Installing and Removing the Power Supply 3-22 Installing the IPS 4270-20 4-1 Introducing the IPS 4270-20 4-2 Supported Interface Cards 4-3 Hardware Bypass 4-5 4GE Bypass Interface Card 4-5 Hardware Bypass Configuration Restrictions 4-6 Hardware ... Extending the IPS 4270-20 from the Rack 4-25 Installing the Cable Management Arm 4-28 Converting the Cable Management Arm 4-31 Installing the IPS 4270-20 4-35 Removing and Replacing the Chassis Cover 4-38 Accessing the Diagnostic Panel 4-41 Cisco Intrusion Prevention System ...
Installation Guide
Page 6
... 4-44 Installing and Removing Fans 4-49 Troubleshooting Loose Connections 4-51 5 C H A P T E R Installing the AIM IPS 5-1 Specifications 5-1 Before Installing the AIM IPS 5-2 Software and Hardware Requirements 5-2 Interoperability With Other IPS Modules 5-3 Restrictions 5-3 Hardware Interfaces 5-4 Installation and Removal Instructions 5-5 Verifying Installation 5-6 6 C H A P T E R...Tools 7-4 Slot Assignments 7-5 Installing the IDSM2 7-5 Verifying Installation 7-9 Removing the IDSM2 7-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 vi OL-18504-01
... 4-44 Installing and Removing Fans 4-49 Troubleshooting Loose Connections 4-51 5 C H A P T E R Installing the AIM IPS 5-1 Specifications 5-1 Before Installing the AIM IPS 5-2 Software and Hardware Requirements 5-2 Interoperability With Other IPS Modules 5-3 Restrictions 5-3 Hardware Interfaces 5-4 Installation and Removal Instructions 5-5 Verifying Installation 5-6 6 C H A P T E R...Tools 7-4 Slot Assignments 7-5 Installing the IDSM2 7-5 Verifying Installation 7-9 Removing the IDSM2 7-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 vi OL-18504-01
Installation Guide
Page 7
...7-14 Powering the IDSM2 Up and Down 7-15 Catalyst Software 7-15 Cisco IOS Software 7-16 Installing the NME IPS 8-1 Specifications 8-1 Before Installing the NME IPS 8-2 Software and Hardware Requirements 8-2 Interoperability With Other IPS Modules 8-3 Restrictions 8-3 Hardware Interfaces 8-4 Installation and Removal Instructions 8-5 ...In to the NME IPS 9-9 The NME IPS and the session Command 9-9 Sessioning In to the NME IPS 9-10 Logging In to the Sensor 9-11 Initializing the Sensor 10-1 Understanding Initialization 10-1 Simplified Setup Mode 10-1 Cisco Intrusion Prevention System Appliance and...
...7-14 Powering the IDSM2 Up and Down 7-15 Catalyst Software 7-15 Cisco IOS Software 7-16 Installing the NME IPS 8-1 Specifications 8-1 Before Installing the NME IPS 8-2 Software and Hardware Requirements 8-2 Interoperability With Other IPS Modules 8-3 Restrictions 8-3 Hardware Interfaces 8-4 Installation and Removal Instructions 8-5 ...In to the NME IPS 9-9 The NME IPS and the session Command 9-9 Sessioning In to the NME IPS 9-10 Logging In to the Sensor 9-11 Initializing the Sensor 10-1 Understanding Initialization 10-1 Simplified Setup Mode 10-1 Cisco Intrusion Prevention System Appliance and...
Installation Guide
Page 8
... E R Obtaining Software 11-1 Obtaining Cisco IPS Software 11-1 IPS Software Versioning 11-2 Software Release Examples 11-6 Upgrading Cisco IPS Software to 7.0 11-7 Accessing IPS Documentation 11-9 Cisco Security Intelligence Operations 11-9 Obtaining a License Key From Cisco.com 11-10 Understanding Licensing 11-10 Service Programs for IPS Products 11-11 Obtaining and Installing the ...12-8 Automatic Upgrade Examples 12-10 Downgrading the Sensor 12-11 Recovering the Application Partition 12-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 viii OL-18504-01
... E R Obtaining Software 11-1 Obtaining Cisco IPS Software 11-1 IPS Software Versioning 11-2 Software Release Examples 11-6 Upgrading Cisco IPS Software to 7.0 11-7 Accessing IPS Documentation 11-9 Cisco Security Intelligence Operations 11-9 Obtaining a License Key From Cisco.com 11-10 Understanding Licensing 11-10 Service Programs for IPS Products 11-11 Obtaining and Installing the ...12-8 Automatic Upgrade Examples 12-10 Downgrading the Sensor 12-11 Recovering the Application Partition 12-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 viii OL-18504-01
Installation Guide
Page 9
...an Appliance to a Terminal Server 12-14 Installing the IPS 4240 and IPS 4255 System Images 12-15 Installing the IPS 4260 System Image 12-18 Installing the IPS 4270-20 System Image 12-20 Installing the AIM IPS System Image 12-23 Installing the AIP SSM System ...Recovery A-6 Recovering the Password A-7 Understanding Password Recovery A-8 Recovering the Appliance Password A-8 Using the GRUB Menu A-8 Using ROMMON A-9 Recovering the AIM IPS Password A-10 Recovering the AIP SSM Password A-10 Recovering the IDSM2 Password A-13 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
...an Appliance to a Terminal Server 12-14 Installing the IPS 4240 and IPS 4255 System Images 12-15 Installing the IPS 4260 System Image 12-18 Installing the IPS 4270-20 System Image 12-20 Installing the AIM IPS System Image 12-23 Installing the AIP SSM System ...Recovery A-6 Recovering the Password A-7 Understanding Password Recovery A-8 Recovering the Appliance Password A-8 Using the GRUB Menu A-8 Using ROMMON A-9 Recovering the AIM IPS Password A-10 Recovering the AIP SSM Password A-10 Recovering the IDSM2 Password A-13 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
Installation Guide
Page 10
...15 Troubleshooting Password Recovery A-15 Time and the Sensor A-16 Time Sources and the Sensor A-16 Synchronizing IPS Module Clocks with Parent Device Clocks A-17 Verifying the Sensor is Synchronized with the NTP Server A-17 ... Link Changes and Drops A-24 Troubleshooting Loose Connections A-24 Analysis Engine is Busy A-25 Connecting the IPS 4240 to a Cisco 7200 Series Router A-25 Communication Problems A-26 Cannot Access the Sensor CLI Through Telnet or SSH A-26...A-43 Enabling SSH Connections to the Network Device A-43 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
...15 Troubleshooting Password Recovery A-15 Time and the Sensor A-16 Time Sources and the Sensor A-16 Synchronizing IPS Module Clocks with Parent Device Clocks A-17 Verifying the Sensor is Synchronized with the NTP Server A-17 ... Link Changes and Drops A-24 Troubleshooting Loose Connections A-24 Analysis Engine is Busy A-25 Connecting the IPS 4240 to a Cisco 7200 Series Router A-25 Communication Problems A-26 Cannot Access the Sensor CLI Through Telnet or SSH A-26...A-43 Enabling SSH Connections to the Network Device A-43 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
Installation Guide
Page 11
...and the Normalizer Engine A-69 Troubleshooting the AIM IPS and the NME IPS A-69 Interoperability With Other IPS Network Modules A-69 Gathering Information A-70 Health and Network Security Information A-70 Tech Support Information A-71 Cisco Intrusion Prevention System Appliance and Module Installation Guide for ...a Signature A-52 Software Upgrades A-53 Upgrading and Analysis Engine A-54 Which Updates to SysLog A-51 TCP Reset Not Occurring for IPS 7.0 xi Loading Java Applet Failed...
...and the Normalizer Engine A-69 Troubleshooting the AIM IPS and the NME IPS A-69 Interoperability With Other IPS Network Modules A-69 Gathering Information A-70 Health and Network Security Information A-70 Tech Support Information A-71 Cisco Intrusion Prevention System Appliance and Module Installation Guide for ...a Signature A-52 Software Upgrades A-53 Upgrading and Analysis Engine A-54 Which Updates to SysLog A-51 TCP Reset Not Occurring for IPS 7.0 xi Loading Java Applet Failed...
Installation Guide
Page 12
... A-88 Sensor Events A-88 Understanding the show events Command A-89 Displaying Events A-89 Clearing Events A-92 cidDump Script A-92 Uploading and Accessing Files on the Cisco FTP Site A-93 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 xii OL-18504-01
... A-88 Sensor Events A-88 Understanding the show events Command A-89 Displaying Events A-89 Clearing Events A-92 cidDump Script A-92 Uploading and Accessing Files on the Cisco FTP Site A-93 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 xii OL-18504-01
Installation Guide
Page 13
OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for experienced network security administrators who install and maintain Cisco IPS sensors, including the supported IPS appliances and modules. Use this guide in conjunction with local and national electrical ...Related Documentation, page xvi. Comply with Local and National Electrical Codes Warning Installation of the documentation set for Cisco Intrusion Prevention System 7.0. Varoitus Laitteisto tulee asentaa paikallisten ja kansallisten sähkömääräysten mukaisesti....
OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for experienced network security administrators who install and maintain Cisco IPS sensors, including the supported IPS appliances and modules. Use this guide in conjunction with local and national electrical ...Related Documentation, page xvi. Comply with Local and National Electrical Codes Warning Installation of the documentation set for Cisco Intrusion Prevention System 7.0. Varoitus Laitteisto tulee asentaa paikallisten ja kansallisten sähkömääräysten mukaisesti....
Installation Guide
Page 15
...IPS 4255. Elements in square brackets are in italic font. Describes how to upgrade sensors and reimage the various sensors. Contains troubleshooting tips for IPS 7.0 xv Describes how to the various sensors. Describes how to install the NME IPS Describes how to log in to install the IPS 4270-20. OL-18504-01 Cisco Intrusion... Prevention System Appliance and Module Installation Guide for IPS hardware and software. Preface Contents Organization This guide...
...IPS 4255. Elements in square brackets are in italic font. Describes how to upgrade sensors and reimage the various sensors. Contains troubleshooting tips for IPS 7.0 xv Describes how to the various sensors. Describes how to install the NME IPS Describes how to log in to install the IPS 4270-20. OL-18504-01 Cisco Intrusion... Prevention System Appliance and Module Installation Guide for IPS hardware and software. Preface Contents Organization This guide...
Installation Guide
Page 16
... information the system displays appear in Cisco IPS-4260 and IPS 4270-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for Cisco Intrusion Prevention System • Installing and Using Cisco Intrusion Prevention System Device Manager • Installing and Using Cisco Intrusion Prevention System Manager Express • Cisco Intrusion Prevention System Command Reference • Configuring the Cisco Intrusion Prevention System Sensor Using the Command...
... information the system displays appear in Cisco IPS-4260 and IPS 4270-20 Cisco Intrusion Prevention System Appliance and Module Installation Guide for Cisco Intrusion Prevention System • Installing and Using Cisco Intrusion Prevention System Device Manager • Installing and Using Cisco Intrusion Prevention System Manager Express • Cisco Intrusion Prevention System Command Reference • Configuring the Cisco Intrusion Prevention System Sensor Using the Command...
Installation Guide
Page 17
Preface Contents • Regulatory Compliance and Safety Information for IPS 7.0 xvii The RSS feeds are a free service and Cisco currently supports RSS Version 2.0. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting...
Preface Contents • Regulatory Compliance and Safety Information for IPS 7.0 xvii The RSS feeds are a free service and Cisco currently supports RSS Version 2.0. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting...
Installation Guide
Page 18
Contents Preface xviii Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
Contents Preface xviii Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01
Installation Guide
Page 19
... a complete list of sensors operating in either promiscuous or inline mode. In this guide, the term sensor refers to protect your network. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-1 Figure 1-1 on page 1-2 shows how you install the sensor. This chapter contains the following sections: • How the...
... a complete list of sensors operating in either promiscuous or inline mode. In this guide, the term sensor refers to protect your network. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-1 Figure 1-1 on page 1-2 shows how you install the sensor. This chapter contains the following sections: • How the...
Installation Guide
Page 20
.... Additionally, TCP resets are enabled by default on non-TCP-based services, no action is always Ethernet. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-2 OL-18504-01 Because this interface is used to tear down an offending session because of limitations ... Insert TCP resets via the sensing interface. SSH and TLS/SSL are not guaranteed to protect the manager workstation. When responding to deliver IDS services outside router and IPS services inside the firewall Campus core 148416 The command and control interface is taken. If ...
.... Additionally, TCP resets are enabled by default on non-TCP-based services, no action is always Ethernet. Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 1-2 OL-18504-01 Because this interface is used to tear down an offending session because of limitations ... Insert TCP resets via the sensing interface. SSH and TLS/SSL are not guaranteed to protect the manager workstation. When responding to deliver IDS services outside router and IPS services inside the firewall Campus core 148416 The command and control interface is taken. If ...
Installation Guide
Page 21
... drop actions to your sensor will have thousands of alerts (in Cisco IPS devices since Cisco IPS devices are a by several thousands a day. • Deploy the sensor with a very high security protection posture. Proper sensor placement can use to give your network. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for example, the...
... drop actions to your sensor will have thousands of alerts (in Cisco IPS devices since Cisco IPS devices are a by several thousands a day. • Deploy the sensor with a very high security protection posture. Proper sensor placement can use to give your network. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for example, the...