AIP SSM and Virtual Sensors

ricey
Level 1

I am just setting up an AIP SSM module in an ASA 5520 with a single security context.

Do I need to configure virtual sensors in this instance, or can I just use the default VS0? In the IPS documentation it says "You cannot change the signature definition, event action rules, or anomaly detection policies." for the default virtual sensor (VS0), which is the only virtual sensor I have.

Can anybody clarify what that means? Does it in any way restrict the usefulness of the IPS if I do not configure a separate VS?

Thanks very much.

Accepted Solutions

marcabal
Cisco Employee

A single virtual sensor vs0 is fine, especially when monitoring only a single security context.

The statement about not changing signature definition, event action rules, or anomaly detection policies can be a little misleading.

What it is trying to say is that you can't create whole new policies sig1, rules1, and ad1 and try to apply them to vs0. The default vs0 has to use sig0, rules0, and ad0.

If you created a new vs1, then you could apply new policies like sig1, rules1, and ad1 to that new vs1.

It does NOT mean that you can't make config changes within sig0, rules0, and ad0.

So feel free to make config changes to sig0, rules0 and ad0 to fine tune how your vs0 should handle the traffic.

It is just the Names of the policies that can't be changed when using vs0.

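The distinction drawn in the accepted answer, as a configuration sketch added here (it is not part of the original thread or of Cisco's documentation). It assumes the Cisco IPS 6.x sensor CLI with prompts omitted; signature 2004 subsignature 0 is only a sample signature to tune, and exact keywords can differ between IPS versions.

```cisco
! Constructed example. Lines starting with "!" are annotations, not commands.
! Indentation shows the configuration sub-mode each command is typed in.

! 1) Tuning INSIDE the default policy sig0. vs0 always uses sig0, rules0
!    and ad0, so this change takes effect on vs0 with no further binding.
configure terminal
 service signature-definition sig0
  signatures 2004 0
   status
    enabled true
    exit
   exit
  exit
! Confirm at the apply-changes prompt, then leave configuration mode.
 exit

! 2) Separately NAMED policies are only useful with an additional virtual
!    sensor. Copy the defaults to new names, then bind them to vs1.
!    Trying to bind sig1/rules1/ad1 to vs0 is what the documentation forbids.
copy signature-definition sig0 sig1
copy event-action-rules rules0 rules1
copy anomaly-detection ad0 ad1

configure terminal
 service analysis-engine
  virtual-sensor vs1
   signature-definition sig1
   event-action-rules rules1
   anomaly-detection
    anomaly-detection-name ad1
    exit
   exit
  exit
! Confirm at the apply-changes prompt.
 exit
```

For a single security context monitored by vs0, only part 1 is needed.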

Marcabal,

Thanks very much for clarifying that.
