Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
545
Views
9
Helpful
2
Replies

configuring multiple IPS devices at the sametime

exploit_haxor
Level 1
Level 1

‎09-15-2010 12:08 PM - edited ‎03-10-2019 05:07 AM

Hi All,

          I have 10 new IPS devices, i have to do the coniguration on all the 10 devices, the configuration on all the 10 devices wil be same........Is there an easy way to configure multiple devices at the same time (is there any script that can do that) or is there any way to automate this task?

Thanks,

Labels:
0 Helpful
2 Replies 2

rhermes
Level 7
Level 7

‎09-15-2010 12:44 PM

For 10 devices the quickest way is to configure one device the way you want them all to look,

Do a "show conf", copy and paste this into your text editor, change the IP address/mask,gateway for each new device and paste them into each sensor.

When you get on each sensor, check the OS version and throw on a license key, if you bought them.

For only 10 devices, it isn;t worth installing the Cisco Security Manager unless you'll be actively managing signatures on an ongoing basis.

- Bob

Scott Fringer
Cisco Employee
Cisco Employee

‎09-18-2010 06:45 AM

Another option is to configure one sensor the way you want, as with Bob's recommendation.  Then copy the current configuration to a remote server (FTP, SCP, HTTP or HTTPS):

copy current-config ftp:

Follow the prompts to provide the necessary credentials.  (This example is using a FTP server)

Next perform the minimal host configuration on each remaining sensor (IP address, access-list), and then copy the saved configuration to each sensor:

copy ftp: current-config

Again, provide the necessary credentials as prompted.

You will then be prompted as to whether to overwrite the host settings; choose not to do so.  This should implement all other sensor options you had configured on the initial sensor.

Also, as Bob mentioned, this method is sufficient for initial configuration; long-term policy management can be challenging with these processes.  If you will be looking to perform frequent and consistent signature tuning across all ten sensors you may wish to consider making use of Cisco Security Manager which allows you to create a shared signature policy.  This allows you to make the changes to one IPS policy and deploy that policy to all ten sensors concurrently.

Scott

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card