Installation Guide
Page 1
Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Text Part Number: OL-18504-01
Installation Guide
Page 2
... • Connect the equipment into an outlet on , users are encouraged to try to provide reasonable protection against harmful interference in this URL: www.cisco.com/go/trademarks. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. IF YOU ARE UNABLE ... tested and found to comply with the limits for IPS 7.0 © 2010-2012 Cisco Systems, Inc. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. All rights reserved. Cisco Intrusion Prevention System Appliance and Module Installation Guide for a ...
Installation Guide
Page 8
...T E R Obtaining Software 11-1 Obtaining Cisco IPS Software 11-1 IPS Software Versioning 11-2 Software Release Examples 11-6 Upgrading Cisco IPS Software to 7.0 11-7 Accessing IPS Documentation 11-9 Cisco Security Intelligence Operations 11-9 Obtaining a License Key From Cisco.com 11-10 Understanding Licensing 11-10 Service Programs for IPS Products 11-11 Obtaining and Installing the ... Automatic Upgrade Examples 12-10 Downgrading the Sensor 12-11 Recovering the Application Partition 12-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 viii OL-18504-01
Installation Guide
Page 16
... Notes for Cisco Intrusion Prevention System • Installing and Using Cisco Intrusion Prevention System Device Manager • Installing and Using Cisco Intrusion Prevention System Manager Express • Cisco Intrusion Prevention System Command Reference • Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface • Installing and Removing Interface Cards in Cisco IPS-4260 and IPS 4270-20 Cisco Intrusion Prevention System Appliance...
Installation Guide
Page 17
Preface Contents • Regulatory Compliance and Safety Information for IPS 7.0 xvii OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the Cisco Intrusion Prevention System 4200 Series Appliance Sensor Obtaining Documentation and Submitting a Service Request For ...see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication...
Installation Guide
Page 42
...on switch ports, VLANs, or traffic type to be inspected (Figure 1-9 on page 1-25). 1-24 Cisco Intrusion Prevention System Appliance and Module Installation Guide for promiscuous or inline mode. IPS Modules Chapter 1 Introducing the Sensor Figure 1-8 DMZ Configuration HTTP client ASA security appliance 10.10.10....the DMZ web server is configured to use the CLI or IDSM to the Getting Started Guides found at this URL: http://www.cisco.com/en/US/products/ps6120/prod_installation_guides_list.html • For more information on installing the AIP SSM, see Installing the AIP SSM, page 6-3....
Installation Guide
Page 47
...incorrect time because they are stamped with daylight saving time enabled and the local time is 8:04 p.m., the time is always based on Cisco.com, read the appropriate Release Notes. For example, if during the original sensor setup, you set the time incorrectly by using the clear events...correct the error, the corrected time will have times older than old events. For More Information For the procedure for Cisco Intrusion Prevention System 7.0. Before proceeding with the IPS and related documentation and where to your stored events will be 14:01:33 UTC, which creates the time stamp...
Installation Guide
Page 180
... password cisco command, but you can no password cisco command, there must be found at the login prompt. laws governing Cisco cryptographic products may be another administrator account on the sensor. Cisco Intrusion Prevention...can edit the service account. Step 2 Enter your username and password at : http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending ...email to import, export, distribute or use encryption. If you are responsible for IPS 7.0 9-2 OL-18504-01 You can log in to bypass the CLI if needed. ...
Installation Guide
Page 181
... to http://www.cisco.com/go/license to establish the connection. In enable mode, enter the following methods: • For terminal servers with multiple, low speed, asynchronous ports that is no license key installed on the system. OL-18504-01 Cisco Intrusion Prevention System Appliance .... When terminal sessions are not stopped properly, authentication is not performed on the next session that are connected to other serial devices. IPS 4240# For More Information • For the procedure for connecting an appliance to a terminal server, see Chapter 10, "Initializing the...
Installation Guide
Page 185
...using this product immediately. You must enter the new password twice. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for compliance with slot 1. You are responsible for IPS 7.0 9-7 Delivery of Cisco cryptographic products does not imply third-party authority to the module. By using the setup...In to the Sensor Logging In to AIP SSM Step 2 Step 3 Session to slot 1. Enter your username and password at : http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you must first enter the UNIX password, which is 'CTRL-^X'.
Installation Guide
Page 186
... not imply third-party authority to initialize the IDSM2, see Advanced Setup for IPS 7.0 9-8 OL-18504-01 By using the setup command to import, export, distribute or use . login: cisco Password: ***NOTICE*** This product contains cryptographic features and is no license key ... change them the first time you require further assistance please contact us by sending email to export@cisco.com. ***LICENSE NOTICE*** There is subject to obtain a new license or install a license. Cisco Intrusion Prevention System Appliance and Module Installation Guide for the IDSM2, page 10-20.
Installation Guide
Page 190
... By using this product immediately. If you require further assistance please contact us by sending email to export@cisco.com. ***LICENSE NOTICE*** There is subject to United States and local country laws governing import, export, transfer and use encryption. A ... license or install a license. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you are responsible for IPS 7.0 OL-18504-01 and local country laws. sensor# 9-12 Cisco Intrusion Prevention System Appliance and Module Installation Guide for...
Installation Guide
Page 221
... on obtaining Cisco IPS software for IPS 7.0 11-1 Under Select a Software Product Category, choose Security Software. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the sensor. You must be upgraded under instructions from Cisco with BIOS files obtained from the Cisco website. Major and minor updates are posted to Cisco.com. Obtaining Cisco IPS Software Note...
Installation Guide
Page 222
...major release (the minor update features, service pack fixes, and signature updates) plus any new changes. IPS Software Versioning When you download IPS software images from Cisco.com, you want to download. Enter your computer. Click the type of software file you previously filled out...Distribution Authorization form, and read and accepted the Cisco Systems Inc. If you need. With each major update there are the same for IPS 7.0 OL-18504-01 In the Download Software window, choose IPS Appliances > Cisco Intrusion Prevention System and then click the version you ...
Installation Guide
Page 227
... 4240 4255 4260 4270_20 IDSM2 AIM NME SSM_10 SSM_20 SSM_40 For More Information For instructions on how to access these files on the automatic update server so that the AIM IPS and the NME IPS can correctly detect which file OL-18504-01 Cisco Intrusion Prevention... the 7.0(1)E3 upgrade file (IPS-K9-7.0-1-E3.pkg), the AIM IPS upgrade file (IPS-AIM-K9-7.0-1-E3.pkg), and the NME IPS upgrade file (IPS-NME-K9-7.0-1-E3) on Cisco.com, see Obtaining Cisco IPS Software, page 11-1. The file is the release number) Mini-kernel As needed bl AIM IPS NME IPS pse_aim_x.y.z.bin pse_nm_x.y.z.bin (where...
Installation Guide
Page 228
...IPS 4240, IPS 4255, IPS 4260, and IPS 4270-20, use the ROMMON to be automatically downloaded and installed. For More Information • For the procedure for accessing downloads on Cisco.com, see Obtaining Cisco IPS...file (IPS-K9-7.0-1-E3.pkg) on the server, the AIM IPS and the NME IPS will download...IPS 4240 and IPS 4255 System Images, page 12-15, Installing the IPS 4260 System Image, page 12-18, and Installing the IPS 4270-20 System Image, page 12-20. • For the procedure for restoring the AIM IPS system image, see Installing the NME IPS System Image, page 12-40. 11-8 Cisco Intrusion...
Installation Guide
Page 229
... protect your network and deploy your network. There are related security tools and links. Step 5 Click one of the page, click Documentation. Click Support. You should be logged into Cisco.com to access Cisco IPS documentation: • Download Software-Takes you can find IPS documentation at this URL: http://tools.cisco.com/security/center/home.x OL-18504-01 Cisco Intrusion...
Installation Guide
Page 230
... a License Key From Cisco.com This section describes how to obtain a license key from Cisco.com and how to install it to use IDM, IME, and the CLI, but you must have reimaged the sensor. 11-10 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01 You... save it using the CLI, IDM, or IME. Go to http://www.cisco.com/go/license and click IPS Signature Subscription Service to obtain signature updates and use the show version command. • Valid Cisco.com username and password Trial license keys are informed of your license after you have...
Installation Guide
Page 231
...valid Cisco.com username and password, you must now purchase the Cisco Services for a license key. For example, if you purchased an ASA 5510 and then later wanted to add IPS and purchased an ASA-SSM-AIP-10-K9, ...Cisco Services for IPS service contract. OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for the new serial number. When you purchase the following IPS products you must also purchase a Cisco Services for IPS service contract: • IPS 4240 • IPS 4255 • IPS 4260 • IPS 4270-20 • AIM IPS • IDSM2 • NME IPS...
Installation Guide
Page 232
...to a drive that number. This option is sent to you save it to obtain the license from Cisco.com. Fill in to Cisco.com. Caution You must apply for IPS 7.0 OL-18504-01 In the Local File Path field, specify the path to the license file or... access Cisco.com. For IME choose Configuration > sensor_name > Sensor Management > Licensing. Under Update License, click the License File radio button. For More Information For more information about obtaining a Cisco Services for IPS service contract, see Service Programs for IPS Products, page 11-11. 11-12 Cisco Intrusion Prevention ...