Cisco IPS-4255-K9 Installation Guide - Page 323
Verifying the Master Blocking Sensor Configuration, Enter, show statistics network-access
UPC - 746320951096
View all Cisco IPS-4255-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 323 highlights
Chapter A Troubleshooting Troubleshooting the Appliance Step 5 sensor(config-sig-sig)# exit sensor(config-sig)# exit Apply Changes:?[yes]: Press Enter to apply the changes or type no to discard them. Verifying the Master Blocking Sensor Configuration To verify that a master blocking sensor is set up properly or to troubleshoot a master blocking sensor that is not set up properly, you can use the show statistics network-access command. Make sure that the forwarding sensor is set up as TLS trusted host if the remote master blocking sensor is using TLS for web access. To verify a master blocking sensor configuration, follow these steps: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Log in to the CLI. View the ARC statistics and verify that the master blocking sensor entries are in the statistics. sensor# show statistics network-access Current Configuration AllowSensorShun = false ShunMaxEntries = 250 MasterBlockingSensor SensorIp = 10.89.149.46 SensorPort = 443 UseTls = 1 State ShunEnable = true ShunnedAddr Host IP = 122.122.122.44 ShunMinutes = 60 MinutesRemaining = 59 If the master blocking sensor does not show up in the statistics, you need to add it. Initiate a manual block to a bogus host IP address to make sure the master blocking sensor is initiating blocks. sensor# configure terminal sensor(config)# service network-access sensor(config-net)# general sensor(config-net-gen)# block-hosts 10.16.0.0 Exit network access general submode. sensor(config-net-gen)# exit sensor(config-net)# exit Apply Changes:? [yes]: Press Enter to apply the changes or type no to discard them. Verify that the block shows up in the ARC statistics. sensor# show statistics network-access Current Configuration AllowSensorShun = false ShunMaxEntries = 100 State ShunEnable = true OL-18504-01 Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.0 A-45