IDS 4215 with multiple sensor interfaces

vm.sebastian · ‎02-09-2005

Hi,

I have one 4215 IDS with 5 sensor interfaces. It is managed and moitored by VMS 2.2.

I want to put different rules for different interfaces. ie different levels of signature tuning and different types of action on attacks on each interfae. Is it possible? ( I am seeing that only one Sensor can be added in VMS with four interfaces)

Regards

Sebastian

owensgl · ‎02-10-2005

no this is not possible. in ver 5 it will be

a.arndt · ‎02-10-2005

Under Cisco IDS v4.1, all interfaces belong to the same interface group. This group is controlled by a single "virtualSensor" configuration.

I was told, while on a Cisco IDS course, that Cisco plans to implement the ability to have multiple "virtualSensor" configurations in a future release. In order to have different monitoring interfaces use different configurations, you would just have to assign the interface to a new interface group and then configure the "virtualSensor" settings for that group appropriately. Conceivably, you could have five unique "virtualSensor" configurations on an appliance with five monitoring interfaces.

Unfortunately, Cisco IDS v5.0 is still in beta and I don't have any idea as to whether or not this idea has actually been implemented in it.

Perhaps someone from Cisco can provide some more info...?

I hope this helps,

Alex Arndt

mkodali · ‎02-16-2005

IDS5.0 will still have single virtualSensor configuration possible with interfaces being assigned or removed from that. Multiple virtualSensors is slated for future release.