Configuring
the Sensor
Now we need to set up the sensor for the blocking devices it
will monitor by using the Cisco Secure Policy Manager (CSPM). These settings
indicate to the sensor which routers, by Telnet IP address, will be governed and
updated as well as indicate the correct settings for dynamic Telnet sessions,
including login password and possible usernames to use.
First, we will need to start our Cisco Secure Policy Manager. Once
the CSPM is open, we will select our target sensor from the Network Topology
Tree in the left pane, as shown in Figure 8.5.
Second, we will select the Blocking tab from the
sensor view panel on the right side of the CSPM and then select the Blocking Devices tab. This will give us a list of the configured
network devices currently monitored by the sensor, if any. This can be seen in
Figure
8.6.
At this point, we can add the blocking device we want to configure
to this sensor. By selecting Add, we will be given the options
we need to configure the sensor to both recognize and manage this blocking
device. This can be seen in Figure 8.7.
The following fields appear in the Blocking Device Properties
dialog:
-
Telnet IP Address This is needed by the
sensor to establish a connection to the blocking device if any changes are to be
made to the interface's ACL usage.
-
Telnet Username This is not always
necessary. If usernames are used on the network, then this option will need to
be filled in to provide the sensor with the ability to log in. If it is not
used, then it is fine to leave this option blank.
-
Telnet Password This is the login
password configured on the blocking device to allow Telnet connections from the
sensor.
-
Enable Password This is necessary for the
implementation of any new ACLs. If this is not configured, any sensor-configured
ACL updates will not be accepted by the blocking device.
-
Blocking Interfaces This area specifies
the interface and traffic direction of the blocking device the sensor will be
managing. To configure this, we will select Add and configure the following:
-
Interface Name The interface on the
blocking device we want to be monitored. This would include the name of the
interface and it's respective number. Examples would include, Serial0,
FastEthernet2/8. Notice there is no space between the name and the number. This
lack of a space is imperative for the sensor to distinguish the interface.
-
Interface Direction This is where we
configure which direction of traffic we want the sensor to monitor. Here we can
choose from either Inbound or Outbound. The implications of the direction were
covered earlier in the chapter.
To configure more than one interface on a router, select Add and configure the appropriate settings for each one
individually.
Once we have finished entering our configuration settings, select
OK twice to accept our changes and then click the Save button to save the new configuration in the CSPM
database.
To complete the blocking device configuration, we will now
need to push the configuration to the blocking device's respective sensor. After
we have saved our new configuration, select the Update button
in the toolbar to generate the new configuration files used by the sensor.
Select the sensor we wish to push the files to; it should already be selected
since we chose this for our initial configuration changes in the first step. We
then select the Command tab. If the preceding configurations
have been saved and updated, the Approve Now button on the
Command tab will be enabled. Click the Approve Now button and
the configuration files will be transferred. When the Refresh
button becomes enabled, select it to view the configuration update status.
Sections
Comments (0 posted)
Syndication
