configuring multiple IPS devices at the sametime

Unanswered Question
Sep 15th, 2010
User Badges:

Hi All,


          I have 10 new IPS devices, i have to do the coniguration on all the 10 devices, the configuration on all the 10 devices wil be same........Is there an easy way to configure multiple devices at the same time (is there any script that can do that) or is there any way to automate this task?



Thanks,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
rhermes Wed, 09/15/2010 - 12:44
User Badges:
  • Gold, 750 points or more

For 10 devices the quickest way is to configure one device the way you want them all to look,

Do a "show conf", copy and paste this into your text editor, change the IP address/mask,gateway for each new device and paste them into each sensor.

When you get on each sensor, check the OS version and throw on a license key, if you bought them.


For only 10 devices, it isn;t worth installing the Cisco Security Manager unless you'll be actively managing signatures on an ongoing basis.


- Bob

Scott Fringer Sat, 09/18/2010 - 06:45
User Badges:
  • Cisco Employee,

Another option is to configure one sensor the way you want, as with Bob's recommendation.  Then copy the current configuration to a remote server (FTP, SCP, HTTP or HTTPS):


copy current-config ftp:


Follow the prompts to provide the necessary credentials.  (This example is using a FTP server)


Next perform the minimal host configuration on each remaining sensor (IP address, access-list), and then copy the saved configuration to each sensor:


copy ftp: current-config


Again, provide the necessary credentials as prompted.


You will then be prompted as to whether to overwrite the host settings; choose not to do so.  This should implement all other sensor options you had configured on the initial sensor.


Also, as Bob mentioned, this method is sufficient for initial configuration; long-term policy management can be challenging with these processes.  If you will be looking to perform frequent and consistent signature tuning across all ten sensors you may wish to consider making use of Cisco Security Manager which allows you to create a shared signature policy.  This allows you to make the changes to one IPS policy and deploy that policy to all ten sensors concurrently.


Scott

Actions

This Discussion