Cisco IDS-4230-FE - Intrusion Detection Sys Fast Ethernet Sensor Installation And Configuration Manual page 33

Intrusion detection system appliance and module

Chapter 1
Introducing the Sensor
Appliance Restrictions
Setting Up a Terminal Server
Cisco Intrusion Detection System Appliance and Module Installation and Configuration Guide Version 4.1
78-15597-02
Configure the firewall to permit the following traffic:
- SSH or Telnet traffic from the control interface of the appliance to the router.
- Syslog (UDP port 514) traffic from the router to the appliance.
  Note: To capture policy violations on the router, the appliance must also be configured to accept syslog messages.
- Communications (TCP ports 443 for TLS/SSL and 22 for SSH) between the appliance and any IDS manager workstation, if the firewall comes between them.

Essentially, the firewall implements policy filtering. The appliance captures packets between the Cisco router and the firewall, and can dynamically update the ACLs of the Cisco router to deny unauthorized activity.

Note: You can also configure the appliance to manage a PIX Firewall instead of the Cisco router.
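
The permit requirements listed above can be checked against a firewall rule set before the appliance is deployed. The following Python check is an added example, not taken from the Cisco guide. Assumptions: the addresses, the rule tuple format, first-match evaluation with an implicit deny, and the manager workstation initiating the TCP 443 and 22 sessions to the appliance.

```python
import ipaddress

# Constructed addresses (RFC 5737 documentation ranges), not from the guide.
APPLIANCE = "192.0.2.10"    # appliance control interface
ROUTER = "198.51.100.1"     # managed Cisco router
MANAGER = "203.0.113.20"    # IDS manager workstation

# Each requirement lists acceptable alternatives as (proto, src, dst, dport).
# Assumption: the manager initiates 443/22 to the appliance.
REQUIRED = {
    "appliance -> router (SSH or Telnet)": [
        ("tcp", APPLIANCE, ROUTER, 22), ("tcp", APPLIANCE, ROUTER, 23)],
    "router -> appliance syslog": [("udp", ROUTER, APPLIANCE, 514)],
    "manager -> appliance TLS/SSL": [("tcp", MANAGER, APPLIANCE, 443)],
    "manager -> appliance SSH": [("tcp", MANAGER, APPLIANCE, 22)],
}

def rule_matches(rule, flow):
    """rule: (action, proto, src_net, dst_net, dport or None for any port)."""
    _, proto, src, dst, dport = rule
    f_proto, f_src, f_dst, f_dport = flow
    return (proto == f_proto
            and ipaddress.ip_address(f_src) in ipaddress.ip_network(src)
            and ipaddress.ip_address(f_dst) in ipaddress.ip_network(dst)
            and dport in (None, f_dport))

def is_permitted(rules, flow):
    """First matching rule wins; no match means implicit deny."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule[0] == "permit"
    return False

def missing_flows(rules):
    """Names of requirements for which no alternative is permitted."""
    return [name for name, alts in REQUIRED.items()
            if not any(is_permitted(rules, f) for f in alts)]

# Constructed sample policy: an earlier deny shadows the later permit for the
# manager's TCP 443 session, so that requirement is reported as missing.
SAMPLE_RULES = [
    ("permit", "tcp", "192.0.2.10/32", "198.51.100.1/32", 22),
    ("permit", "udp", "198.51.100.1/32", "192.0.2.10/32", 514),
    ("deny",   "tcp", "203.0.113.0/24", "192.0.2.10/32", 443),
    ("permit", "tcp", "203.0.113.20/32", "192.0.2.10/32", None),
]

if __name__ == "__main__":
    for name in missing_flows(SAMPLE_RULES):
        print("not permitted:", name)
```
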
The following restrictions apply to using and operating the appliance:
- The appliance is not a general purpose workstation.
- Cisco Systems prohibits using the appliance for anything other than operating Cisco IDS.
- Cisco Systems prohibits modifying or installing any hardware or software in the appliance that is not part of the normal operation of the Cisco IDS.

A terminal server is a router with multiple, low speed, asynchronous ports that are
connected to other serial devices. You can use terminal servers to remotely
manage network equipment, including appliances.