We have some <other vendor> IPS and for a new implementation we bought IPS Cisco 4270, i have taken the couse of Cisco IPS and I liked how it works. But we have a big problem thats apply to our company, at different level the manager, boss and the user, obtain different level of information (like quantity of events, graphical informations, etc.) These information I can show with some gadgets without problem, the problem begins when the IME supports only one user logued, the <other vendor> administration console support severals logons to the client console. Because this factor may be vital for the future purchase or replacement of these devices, I need to find a way of not losing the "multi-login" feature.
At the moment I do not know how to solve this problem, might give me ideas that can help me? Thank you all.
IPS Manager Express is designed as a quick and free option for managing/monitoring Cisco IPS sensors. It is possible to allow each user to have their own installation of IME as data is stored local to each installation. The issue here is the five (5) subscription limitation allowed for SDEE-based event retrieval - so only five users would be able to monitor the sensors.
For large scale, multi-user monitoring of Cisco IPS sensors, Cisco provides CS-MARS which can collect and correlate events from multiple Cisco IPS sensors as well as other Cisco security devices. You may also want to look into the upcoming release of CSM 4.0 which will include the ability to monitor both Cisco IPS and Cisco firewall events; this is also a multi-user based solution.
It may be benficial to engage your local Cisco account team or partner to discuss a more tailored solution for your environment.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...