Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

configuring multiple IPS devices at the sametime

Hi All,

          I have 10 new IPS devices, i have to do the coniguration on all the 10 devices, the configuration on all the 10 devices wil be same........Is there an easy way to configure multiple devices at the same time (is there any script that can do that) or is there any way to automate this task?

Thanks,

2 REPLIES
Gold

Re: configuring multiple IPS devices at the sametime

For 10 devices the quickest way is to configure one device the way you want them all to look,

Do a "show conf", copy and paste this into your text editor, change the IP address/mask,gateway for each new device and paste them into each sensor.

When you get on each sensor, check the OS version and throw on a license key, if you bought them.

For only 10 devices, it isn;t worth installing the Cisco Security Manager unless you'll be actively managing signatures on an ongoing basis.

- Bob

Cisco Employee

Re: configuring multiple IPS devices at the sametime

Another option is to configure one sensor the way you want, as with Bob's recommendation.  Then copy the current configuration to a remote server (FTP, SCP, HTTP or HTTPS):

copy current-config ftp:

Follow the prompts to provide the necessary credentials.  (This example is using a FTP server)

Next perform the minimal host configuration on each remaining sensor (IP address, access-list), and then copy the saved configuration to each sensor:

copy ftp: current-config

Again, provide the necessary credentials as prompted.

You will then be prompted as to whether to overwrite the host settings; choose not to do so.  This should implement all other sensor options you had configured on the initial sensor.

Also, as Bob mentioned, this method is sufficient for initial configuration; long-term policy management can be challenging with these processes.  If you will be looking to perform frequent and consistent signature tuning across all ten sensors you may wish to consider making use of Cisco Security Manager which allows you to create a shared signature policy.  This allows you to make the changes to one IPS policy and deploy that policy to all ten sensors concurrently.

Scott

299
Views
9
Helpful
2
Replies
CreatePlease to create content