Configuring The Sensor To Be A Master Blocking Sensor - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Chapter 10
Configuring Blocking

Configuring the Sensor to be a Master Blocking Sensor

Multiple sensors (blocking forwarding sensors) can forward blocking requests to a specified master
blocking sensor, which controls one or more devices. The master blocking sensor is the Network Access
Controller running on a sensor that controls blocking on one or more devices on behalf of one or more
other sensors. The Network Access Controller on a master blocking sensor controls blocking on devices
at the request of the Network Access Controllers running on other sensors.
On the blocking forwarding sensor, identify which remote host serves as the master blocking sensor; on
the master blocking sensor you must add the blocking forwarding sensors to its access list.
If the master blocking sensor requires TLS for web connections, you must configure the Network Access
Controller of the blocking forwarding sensor to accept the X.509 certificate of the master blocking
sensor remote host. Sensors by default have TLS enabled, but you can change this option.
Note      Typically the master blocking sensor is configured to manage the network devices. Blocking forwarding
          sensors are not normally configured to manage other network devices, although doing so is permissible.
Caution   Only one sensor should control all blocking interfaces on a device.
Use the master-blocking-sensors mbs_ip_address command in the service network access submode to
configure a master blocking sensor.
The following options apply:
    mbs_ip_address—IP address of sensor for forward block requests.
    password—Account password of sensor for forward block requests.
    port—Port of sensor for forward block requests.
    tls [true | false]—Set to true if the remote sensor requires TLS, otherwise set to false.
    username—Account name of sensor for forward block requests.
To configure the Network Access Controller on a sensor to forward blocks to a master blocking sensor,
follow these steps:
Step 1    Log in to the CLI using an account with administrator privileges on both the master blocking sensor and
          the blocking forwarding sensor.
Step 2    Enter configuration mode on both sensors:
          sensor# configure terminal
Step 3    Configure TLS if necessary:
          a.  On the master blocking sensor, check to see if it requires TLS and what port number is used:
              sensor(config)# service web-server
              sensor(config-web)# show settings
                 enable-tls: true <defaulted>
                 port: 443 <defaulted>
                 server-id: HTTP/1.1 compliant <defaulted>
              sensor(config-web)#
              If enable-tls is true, go to Step b.
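The check in Step 3a can be scripted. The following Python is an added example, not part of the Cisco guide: it parses the web-server show settings output from the master blocking sensor and compares it with the port and tls options planned for a blocking forwarding sensor. The function names, finding codes and the dictionary layout are assumptions of this example; the sample text is constructed from the output shown above.

```python
import re

# Constructed sample: web-server "show settings" output as shown in Step 3a.
SAMPLE_SETTINGS = """\
sensor(config-web)# show settings
   enable-tls: true <defaulted>
   port: 443 <defaulted>
   server-id: HTTP/1.1 compliant <defaulted>
sensor(config-web)#
"""

# Matches "name: value" with an optional trailing "<defaulted>" marker.
# CLI prompt lines do not match because "(" and "#" are not allowed in the name.
SETTING_RE = re.compile(r"^\s*([a-z][a-z-]*):\s*(.*?)\s*(?:<defaulted>)?\s*$")

def parse_web_settings(text):
    """Return {name: value} for every setting line in the CLI output."""
    settings = {}
    for line in text.splitlines():
        match = SETTING_RE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings

def check_forwarder(master, fwd):
    """Compare the forwarding sensor's planned 'port' (int) and 'tls' (bool)
    options with the master's web-server settings; return (code, message) pairs."""
    for key in ("enable-tls", "port"):
        if key not in master:
            raise ValueError("missing %s in master web-server settings" % key)
    master_tls = master["enable-tls"] == "true"
    master_port = int(master["port"])
    findings = []
    if fwd["tls"] != master_tls:
        findings.append(("TLS_MISMATCH",
                         "master enable-tls is %s, forwarder tls is %s" % (master_tls, fwd["tls"])))
    if fwd["port"] != master_port:
        findings.append(("PORT_MISMATCH",
                         "master listens on %d, forwarder uses %d" % (master_port, fwd["port"])))
    if master_tls:
        # Per the text above, the forwarder must accept the master's X.509 certificate.
        findings.append(("CERT_REQUIRED",
                         "forwarder must accept the master's X.509 certificate"))
    else:
        findings.append(("NO_TLS",
                         "forward block requests and the account credentials are not protected by TLS"))
    return findings

if __name__ == "__main__":
    master = parse_web_settings(SAMPLE_SETTINGS)
    for code, message in check_forwarder(master, {"tls": False, "port": 80}):
        print(code, "-", message)
```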
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0