By default, ESR devices have a basic set of rules from EmergingThreats designed for testing and verifying
system health.
13.6.1 Base configuration algorithm
Step Description Command Keys
1 Create IPS/IDS security policy. esr(config)# security ips policy
<NAME>
<NAME> – security policy
name, set by the string of up to
32 characters
2 Specify policy description (optional). esr(config-ips-policy)# description
<DESCRIPTION>
<DESCRIPTION> – description,
set by the string of up to 255
characters.
3 Specify the IP address profile that IPS/
IDS will protect.
esr(config-ips-policy)# protect
network-group <OBJ-GROUP-
NETWORK_NAME>
<OBJ-GROUP-NETWORK-
NAME> – protected IP
addresses profile name, set by
the string of up to 32
characters.
4 Specify the profile of IP addresses that
are external for IPS/IDS (optionally).
esr(config-ips-policy)# external
network-group <OBJ-GROUP-
NETWORK_NAME>
<OBJ-GROUP-NETWORK-
NAME> – external IP addresses
profile name, set by the string
of up to 32 characters.
5 Switch to the IPS/IDS configuration
mode.
esr(config)# security ips
6 Assign IPS/IDS security policy. esr(config-ips)# policy <NAME> <NAME> – security policy
name, set by the string of up to
32 characters
7 Use all ESR rosiurces for IPS/IDS
(optional).
esr(config-ips)# perfomance max By default, half of the available
processor cores are allocated
for IPS/IDS.
8 Set external drive for recording logs in
EVE format (optional).
esr(config-ips)# logging storage-
path <DEVICE_NAME>
<DEVICE_NAME> the name of
the USB or MMC drive.
9 Enable IPS/IDS. esr(config-ips )# enable
10 Enable IPS/IDS on the interface. esr(config-if-gi)# service-ips
enable
To Next Page
Loading...
Need help?
General
