Manualshelf

User manual

ManualsBrandsCisco Systems ManualsSoftwareHome Security System IPS4510K9
71727374757677787980
3-11
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 3 Setting Up the Sensor
Changing Network Settings
server and it must be reachable for automatic update and global correlation updates to be successful. You
can configure other DNS servers as backup servers. DNS queries are sent to the first server in the list. If
it is unreachable, DNS queries are sent to the next configured DNS server.
Caution
For automatic and global correlation updates to function, you must have either a DNS server or an HTTP
proxy server configured at all times.
Caution
DNS resolution is supported for accessing the global correlation update server as well as www.cisco.com
for automatic updates.
The following options apply:
http-proxy {no-proxy | proxy-sensor}—Configures the HTTP proxy server:
address ip_address —Specifies the IP address of the HTTP proxy server.
port port_number —Specifies the port number of the HTTP proxy server.
dns-primary-server {enabled | disabled}—Enables a DNS primary server:
address ip_address —Specifies the IP address of the DNS primary server.
dns-secondary-server {enabled | disabled}—Enables a DNS secondary server:
address ip_address —Specifies the IP address of the DNS secondary server.
dns-tertiary-server {enabled | disabled}—Enables the DNS tertiary server:
address ip_address —Specifies the IP address of the DNS tertiary server.
Configuring DNS and Proxy Servers for Automatic Update and Global Correlation
To configure DNS and proxy servers to support automatic update and global correlation, follow these
steps:
Step 1
Log in to the sensor using an account with administrator privileges.
Step 2
Enter network settings submode.
sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# network-settings
Step 3
Enable a proxy or DNS server to support global correlation:
a.
Enable a proxy server.
sensor(config-hos-net)# http-proxy proxy-server
sensor(config-hos-net-pro)# address 10.10.10.1
sensor(config-hos-net-pro)# port 65
sensor(config-hos-net-pro)#
b.
Enable a DNS server.
sensor(config-hos-net)# dns-primary-server enabled
sensor(config-hos-net-ena)# address 10.10.10.1
sensor(config-hos-net-ena)#
Step 4
Verify the settings.
sensor(config-hos-net)# show settings
network-settings