Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

AIP SSM and VIrtual Sensors

I am just setting up an AIP SSM module in an ASA 5520 with a single security context.

Do I need to configure virtual sensors in this instance? or can I just use the default VS0? In the IPS documentation it says "You cannot change the signature definition, event action rules, or anomaly detection policies." for the default virtual sensor (VS0) which is the only virtual sensore I have.

Can anybody clarify what that means? Does it in any way restrict the usefulness of the IPS if I do not configure a seperate VS?

Thanks very much.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: AIP SSM and VIrtual Sensors

A single virual sensor vs0 is fine, especially when monitoring only a single security context.

The statement about not changing signature definition, event actions rules, or anomaly detection policies can be a little misleading.

What it is trying to say is that you can't create whole new polcies sig1, rules1, and ad1 and try to apply them to vs0. The default vs0 has to use sig0, rules0, and ad0.

If you created a new vs1, then you could apply new policies like sig1, rules1, and ad1 to that new vs1.

It does NOT mean that you can't make config changes within sig0, rules0, and ad0.

So feel free to make config changes to sig0, rules0 and ad0 to fine tune how your vs0 should handle the traffic.

It is just the Names of the policies that can't be changed when using vs0.

2 REPLIES
Cisco Employee

Re: AIP SSM and VIrtual Sensors

A single virual sensor vs0 is fine, especially when monitoring only a single security context.

The statement about not changing signature definition, event actions rules, or anomaly detection policies can be a little misleading.

What it is trying to say is that you can't create whole new polcies sig1, rules1, and ad1 and try to apply them to vs0. The default vs0 has to use sig0, rules0, and ad0.

If you created a new vs1, then you could apply new policies like sig1, rules1, and ad1 to that new vs1.

It does NOT mean that you can't make config changes within sig0, rules0, and ad0.

So feel free to make config changes to sig0, rules0 and ad0 to fine tune how your vs0 should handle the traffic.

It is just the Names of the policies that can't be changed when using vs0.

Community Member

Re: AIP SSM and VIrtual Sensors

Marcabal,

Thanks very much for clarifying that.

181
Views
5
Helpful
2
Replies
CreatePlease to create content