Filter
Top Products
37-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 37 Configuring Virtual Sensors
Defining A Virtual Sensor
Field Reference
Table 37-1 Add or Edit Virtual Sensor Dialog Box
Element Description
Virtual Sensor Name The name of the virtual sensor. The virtual sensor name can be up to 64
characters and it cannot contain spaces. The name of the default virtual
sensor is vs0.
You cannot change the name after you create the virtual sensor. To
change a virtual sensor name, delete the sensor and create a new sensor
with the desired name. If you already configured local policies for the
sensor (that is, signature, event action, and anomaly detection policies),
first save the policies as shared policies, delete the sensor, create the
new sensor, then assign the shared policies to the new virtual sensor.
For more information about creating shared policies from local
policies, see Sharing a Local Policy, page 5-38.
Interface Assignments
(Available, Assigned)
The promiscuous interfaces, inline interface pairs, inline VLAN pairs,
promiscuous VLAN groups, or inline VLAN groups that you want this
virtual sensor to use. The list of available interfaces shows only those
interfaces that are configured in the Interfaces policy and that are not
yet assigned to another virtual sensor.
• To assign interfaces, select them in the available list and click >>.
• To remove an assignment, select the interface in the assigned list
and click <<. You must remove an assignment before you can
assign an interface to a different virtual sensor.
Tip If you are not sure about the content of a specific interface, for
example, its mode or assigned VLANs, close the dialog box, go
to the Interfaces policy, and examine the various tabs.
Anomaly Detection Mode The mode that you want the anomaly detection policy to operate in for
this virtual sensor: Detect, Inactive, Learn. The default and normal
operational mode is Detect. However, if you are using asymmetric
normalizer mode, you might want to set the anomaly detection mode to
Inactive. For detailed information about these modes, see Anomaly
Detection Modes, page 40-2.
Inline TCP Session Tracking
Mode
The mode used to segregate multiple views of the same stream if the
same stream passes through the sensor more than once. The default
mode is Virtual Sensor. For more information, see Inline TCP Session
Tracking Mode, page 37-3. Select one of the following:
• Interface and VLAN—All packets with the same session key
(AaBb) in the same VLAN (or inline VLAN pair) and on the same
interface belong to the same session. Packets with the same key but
on different VLANs are tracked separately.
• VLAN Only—All packets with the same session key (AaBb) in the
same VLAN (or inline VLAN pair) regardless of the interface
belong to the same session. Packets with the same key but on
different VLANs are tracked separately.
• Virtual Sensor—All packets with the same session key (AaBb)
within a virtual sensor belong to the same session.