Device Area Configuration
Once the sensor is bootstrapped with the correct
configuration, the IDS Device Manager application can be used to configure and
manage the CIDS sensor. To configure the sensor, use a web browser,
such as Netscape or Internet Explorer, to connect to the sensor, and then select
the configuration panel containing the settings you want to change.
Network Panel (Device | Sensor Setup | Network)
The Network panel can be selected by navigating to Device |
Sensor Setup | Network, where Device is the Area, Sensor Setup is the Sub-Area, and Network is the TOC item. Once the Network TOC item is
selected, the network panel is displayed in the content area, as seen in Figure
25-8.
The Network panel lists the configuration parameters that were
configured during the sensor bootstrap process. From this panel, the common
network and PostOffice settings can be modified. Additional settings that can be
configured include the following:
- Heartbeat Interval: This setting is used to calculate how many attempts the sensor should make to wait for a heartbeat acknowledgement from a remote host before considering the host down and generating a route-down alarm.
- Route-Up Alarm Level: This setting configures the level of alarm to be generated when a route-up event is detected. The default setting is Informational. Possible settings include the following:
  - Informational: Categorizes the event as informational in nature and not a risk to security. These events are shown with a blue icon in the IDS Event Viewer.
  - Low: Categorizes the event as mildly severe. These events are displayed with a yellow icon in the IDS Event Viewer.
  - Medium: Categorizes the event as a moderate risk. These events are displayed with an orange icon in the IDS Event Viewer.
  - High: Categorizes the event as a high risk. These events are displayed with a red icon in the IDS Event Viewer.

  Note: The values (1 to 5) are mapped to these logical names, based on the configuration settings in the severity mapping panel. The names used above are the default severity mappings configured on each sensor.
- Route-Down Alarm Level: This setting configures the level of alarm to be generated when a route-down event is detected. The settings for route-down alarms are the same as those listed for the route-up alarm level. The default setting for this parameter is High.
- Enable TLS/SSL: This setting configures the web server to use TLS and SSL.
- Web Server Port: This setting configures the port number on which the sensor’s web server will listen for HTTP or HTTPS requests. By default, this parameter is set to 443 for HTTPS communications.
Allowed Hosts (Device | Sensor Setup | Allowed Hosts)
You can configure the allowed hosts during bootstrapping
or from the IDS Device Manager. The sensor only allows access from
IP addresses that it has been configured to allow. By
default, the sensor allows access from any host with an IP address belonging to
the 10.0.0.0/8 network. Before you can connect to the sensor, you must
configure the sensor, during bootstrap, to allow the IP address of the host that
you’ll use to connect to the sensor. Figure 25-9 illustrates the Allowed Hosts panel.
To allow hosts, you can enter the specific host address or
the network address. When adding a network address, you only have to enter the
octets that make up the network address. For example, if you want to allow all
hosts in the 172.30.0.0/16 network, you could add the first two octets, such as
172.16. In addition, you can allow all hosts to connect to and manage the sensor
by clicking Allow All Hosts.
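The following added example (not part of the original text or of any Cisco tool) models the octet-prefix notation described above so an allowed-hosts list can be reviewed offline: it expands each entry to the network it covers, checks a client address against the list, and flags entries that expose the management interface broadly. The function names, the `max_hosts` threshold, and the sample entries are assumptions made for illustration.

```python
import ipaddress

def entry_to_network(entry):
    """Expand an Allowed Hosts entry of one to four octets into a network.

    Assumption: an entry with fewer than four octets matches every address
    that starts with those octets (one octet = /8, two = /16, three = /24).
    """
    parts = entry.strip().rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"invalid entry: {entry!r}")
    octets = [int(p) for p in parts]  # raises ValueError on non-numeric text
    if any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"octet out of range: {entry!r}")
    padded = octets + [0] * (4 - len(octets))
    dotted = ".".join(str(o) for o in padded)
    return ipaddress.ip_network(f"{dotted}/{8 * len(octets)}")

def is_allowed(client_ip, entries, allow_all=False):
    """Return True if client_ip would be permitted by the list."""
    if allow_all:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in entry_to_network(e) for e in entries)

def audit(entries, allow_all=False, max_hosts=65536):
    """List findings for settings that admit more than max_hosts addresses.

    max_hosts is a review threshold chosen for this example, not a sensor limit.
    """
    findings = []
    if allow_all:
        findings.append("Allow All Hosts is set: any address can reach the sensor")
    for e in entries:
        net = entry_to_network(e)
        if net.num_addresses > max_hosts:
            findings.append(f"{e} -> {net} covers {net.num_addresses} addresses")
    return findings

if __name__ == "__main__":
    # Constructed sample list: the default 10 network plus one /16 and one host.
    sample = ["10", "172.30", "192.168.1.25"]
    for e in sample:
        print(e, "->", entry_to_network(e))
    print(is_allowed("172.30.5.9", sample), is_allowed("172.31.0.1", sample))
    print(audit(sample))
```

Run against the default list, the audit flags the `10` entry, which is a prompt to replace it with the specific management hosts or a narrower network.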
Remote Access (Device | Sensor Setup | Remote Access)
You can allow unsecured access to the sensor via Telnet or
FTP. These protocols are considered insecure because they send data in clear text.
To enable Telnet or FTP, select the Remote Access item in the TOC and select
either protocol by placing a check mark in the corresponding checkbox, as Figure
25-10 shows.
SSH Host Keys (Device | Sensor Setup | SSH)
From the SSH TOC panel, you can generate a new host key or delete an
existing one. Host keys are used by the sensor to
connect to PIX firewalls and other hosts. Once the SSH session is open, the
sensor can use the connection to perform blocking.
You can configure the sensor to create a new host key by selecting
the Generate Host Key link on the Host Key panel. Once the host key is created,
apply your configuration settings. With the new key created, you must then
update the known host tables on the remote systems with the new key fingerprint.
You can delete existing keys by selecting the Known Hosts TOC item.
Note: If you’re using the sensor to configure blocking on a PIX
firewall, you must manually connect to the firewall using SSH, and then accept
the SSH key of the PIX firewall.
Setting the Time (Device | Sensor Setup | Time)
You can configure the time, date, and time zone information
from the Time panel.
Changing the Password (Device | Sensor Setup | Password)
The password for the netrangr account can be changed from
the Password panel. You needn’t click Apply Changes on the toolbar for this
change to take effect.