Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 37 Configuring Virtual Sensors
Editing Policies for a Virtual Sensor
Virtual sensors have two types of policies: the virtual sensor’s properties, and policies assigned to the virtual sensor. You use a different approach to edit these items.

• To edit the properties of a virtual sensor, select the virtual sensor’s parent device in the device selector in Device view. Then, select the Virtual Sensors policy. You can then select the virtual sensor in the table and click the Edit Row button.

  Using the Virtual Sensors policy, you can change the interfaces assigned to a sensor, the anomaly detection mode, inline TCP session tracking mode, and Normalizer mode. For more information, see the following topics:

  – Defining A Virtual Sensor, page 37-5
  – Virtual Sensor Dialog Box, page 37-7

• To edit the policies assigned to a virtual sensor, select the virtual sensor in the device selector in Device view. A virtual sensor’s name is in the form device-name_virtual-sensor-name, where device-name is the name of the parent device, and virtual-sensor-name is the name of the virtual sensor. For example, the virtual sensor vs1 on device 10.100.10.10 would be 10.100.10.10_vs1.

  Note: The base virtual sensor, vs0, is integrated with the parent device and does not appear separately in the device selector. To configure the base virtual sensor, select the parent device.

  You can then select the policies in the Policies selector and configure them. For more information, see the following topics:

  – Chapter 38, “Defining IPS Signatures”

Table 37-1 Add or Edit Virtual Sensor Dialog Box (Continued)

Element: Normalizer Mode
Description: The type of Normalizer mode you need for traffic inspection. For more information, see Understanding Normalizer Mode, page 37-4.

  • Strict Evasion Protection—(Default) If a packet is missed for any reason, all packets after the missed packet are not processed. Strict evasion protection provides full enforcement of TCP state and sequence tracking.

    Any out-of-order packets or missed packets can produce Normalizer engine signatures 1300 or 1330 firings, which try to correct the situation, but can result in denied connections.

  • Asymmetric Mode Protection—Can only see one direction of bidirectional traffic flow. Asymmetric mode protection relaxes the evasion protection at the TCP layer.

    Asymmetric mode lets the sensor synchronize state with the flow and maintain inspection for those engines that do not require both directions. Asymmetric mode lowers security because full protection requires both sides of traffic to be seen.

Element: Description
Description: The description of the virtual sensor.