Cisco IPS-4255-K9 Installation Guide - Page 300
Troubleshooting External Product Interfaces, External Product Interfaces Issues
UPC - 746320951096
View all Cisco IPS-4255-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 300 highlights
Troubleshooting External Product Interfaces Chapter A Troubleshooting Step 3 Step 4 Step 5 Step 6 Check to see if Analysis Engine reads Not Running. Enter show tech-support and save the output. Reboot the sensor. Enter show version after the sensor has stabilized to see if the issue is resolved. If Analysis Engine still reads Not Running, contact TAC with the original show tech support command output. Troubleshooting External Product Interfaces This section lists issues that can occur with external product interfaces and provides troubleshooting tips. It contains the following topics: • External Product Interfaces Issues, page A-22 • External Product Interfaces Troubleshooting Tips, page A-23 External Product Interfaces Issues When the external product interface receives host posture and quarantine events, the following issues can arise: • The sensor can store only a certain number of host records. - If the number of records exceeds 10,000, subsequent records are dropped. - If the 10,000 limit is reached and then it drops to below 9900, new records are no longer dropped. • Hosts can change an IP address or appear to use another host IP address, for example, because of DHCP lease expiration or movement in a wireless network. In the case of an IP address conflict, the sensor presumes the most recent host posture event to be the most accurate. • A network can include overlapping IP address ranges in different VLANs, but host postures do not include VLAN ID information. You can configure the sensor to ignore specified address ranges. • A host can be unreachable from the CSA MC because it is behind a firewall. You can exclude unreachable hosts. • The CSA MC event server allows up to ten open subscriptions by default. You can change this value. You must have an administrative account and password to open subscriptions. • CSA data is not virtualized; it is treated globally by the sensor. • Host posture OS and IP addresses are integrated into passive OS fingerprinting storage. You can view them as imported OS profiles. • You cannot see the quarantined hosts. • The sensor must recognize each CSA MC host X.509 certificate. You must add them as a trusted host. • You can configure a maximum of two external product devices. A-22 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 OL-18504-01