I have two related questions to SNMP set support on version 5.x of the IPS sensors:
1) Is it possible to enable gets but not sets? There is just one configuration setting (enable-set-get to true or false). The docs allude to the default SNMP RW community string to be private (assuming that enable-set-get is set to true). It seems that if you want to allow gets, the only way to prevent sets is to change the RW community string to a long, random string and not reference that long, random string anywhere else.
2) What can be set with the RW community string. It looks like most of the Cisco proprietary mibs are read only, so I'd guess MIB2 variables which would allow counter resets, sysLocation, sysContact and potentially management interface IP configuration?
Thanks for any guidance. The documentation doesn't go into any detail on read-write control.
Routers and switches provide MARS with data about traffic flows and the network topology, including address translations, endpoint devices, connected networks, and accepted and rejected sessions. Routers and switches also support modules that enable features common to specialty security appliances, such as firewalls and intrusion detection or prevention systems (IDS/IPS). This chapter does not describe how to enable the features on routers and switches that enable the modules or how to configure these modules for use by MARS.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...