UPDATE 2011 – I started a video walkthrough series on configuring IPS, which you can find at yurisk.info/tag/video-how-to. END OF UPDATE
Hello everyone. As I proceed in my studies towards the CCIE Security lab, I’m starting a new category on the site – Cisco IPS. I will be posting all the things I learn about this gear, even the basics, as I noted that on the Internet Cisco IPS sensors are not much talked about, and while I'm not sure why this is so, I’ll try to fill the gap. In all cases I am using Cisco IPS sensor 4235 unless specified otherwise.

Initial Configuration.
Out of the box, the sensor has the following defaults:

Management IP:
Default gateway:
Allowed access: from the network
Telnet access: disabled
HTTPS: port 443

Since your network most likely uses a different address range, the first thing to do is change the management IP, the default gateway and the network(s)/IP allowed management access. You do so by connecting to the sensor's console.
You can configure these basic network settings in two ways: enter all the configuration commands on the CLI (if you know them), or run the interactive menu-driven setup by issuing setup at the CLI prompt. I’ll show both ways, but let’s start with the setup menu.
A short remark – the IPS sensor is one of the few devices in the Cisco family for which configuring and managing it through the GUI is the recommended and preferred way. The GUI is much more intuitive and simple, and it produces the very same configuration on the device as the CLI does. The only times you may need the CLI are initial setup and debugging.

Configuring minimal required settings through setup menu:

  1. Connect to the device by terminal;
  2. Enter the default user/password: cisco/cisco (or see the documentation that comes with the device);
  3. Run:
    sensor# setup

– First you are presented with the whole configuration currently set. Just hit the Space key until it reaches the end and asks whether you want to enter the setup dialog; type yes and press Enter:

Continue with configuration dialog?[yes]:     
Enter host name[sensor]: IPS4235  Here I set hostname to IPS4235
Enter IP interface[,]:,   Pay attention to the syntax of specifying the management IP, its subnet mask and default gateway
Enter telnet-server status[disabled]: enable     I say yes here but you are advised to say no on production devices
Enter web-server port[443]:         Default https listening port
Modify current access list?[no]: yes
Current access list entries:
  No entries
Permit:                 I allow management access to the device from this specific station
Permit:                       Hit Enter to move to the next menu item
Modify system clock settings?[no]: no
Modify summer time settings?[no]: no
Modify system timezone?[no]: no
Modify interface/virtual sensor configuration?[no]: no
Modify default threat prevention settings?[no]: 
------cut here------------
exit exit 

Upon finishing all the menu items in the dialog, you are presented with the configuration you just entered:

The following configuration was entered. 
service host 
host-name IPS4235 
telnet-option enabled 
ftp-timeout 300 
no login-banner-text 
summertime-option disabled 
ntp-option disabled 
service web-server port 443 

At the end of the output you are given the following choices:

[0] Go to the command prompt without saving this config. 
[1] Return back to the setup without saving this config. 
[2] Save this configuration and exit setup. 
 Enter your selection[2]:   2 

The device then asks to reboot for the changes to take effect – confirm that.
After the reboot you can connect to the sensor with a supported browser at the management IP:
Also make sure the station you are connecting from has a Java virtual machine installed, as the GUI is entirely based on it.
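
The configuration summary that setup prints before you choose [2] can be checked for risky management settings such as the enabled telnet server. The Python sketch below is an added example, not part of the original post and not a Cisco tool; the sample dump, the access-list line format with its 192.0.2.0/24 documentation network, and the 256-address threshold are assumptions.

```python
import ipaddress

# Constructed sample in the style of the "service host" summary shown above.
# The access-list lines and the 192.0.2.0/24 network are assumed, not from the post.
SAMPLE = """\
service host
network-settings
host-name IPS4235
telnet-option enabled
access-list 192.0.2.0/24
access-list 0.0.0.0/0
ftp-timeout 300
exit
ntp-option disabled
exit
service web-server
port 443
exit
"""

def audit_sensor_config(text, max_hosts=256):
    """Return findings about management-plane settings in a setup summary."""
    findings, acl_seen = [], False
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["telnet-option", "enabled"]:
            findings.append("telnet enabled: management sessions are cleartext")
        elif words[0] == "access-list" and len(words) > 1:
            acl_seen = True
            try:
                net = ipaddress.ip_network(words[1], strict=False)
            except ValueError:
                findings.append(f"unparseable access-list entry: {words[1]}")
                continue
            # A permit wider than max_hosts addresses is more than "this station".
            if net.num_addresses > max_hosts:
                findings.append(f"access-list {net} is wider than {max_hosts} addresses")
        elif words[:2] == ["ntp-option", "disabled"]:
            findings.append("NTP disabled: sensor clock is not synchronized")
    if not acl_seen:
        findings.append("no access-list entries found in this dump")
    return findings

if __name__ == "__main__":
    for finding in audit_sensor_config(SAMPLE):
        print("-", finding)
```

Paste the text from the console into a file and pass its contents to `audit_sensor_config` before saving the configuration.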