Cisco IPS sensor – initial setup


I am using the Cisco IPS sensor 4235 unless specified otherwise.

Initial Configuration.

Out of the box, the sensor has the following defaults:

Management IP: 10.1.9.201/24
Default gateway: 10.1.9.1
Allowed access: from the network 10.1.9.201/24
Telnet access: disabled
HTTPS: port 443

As your network most likely uses a different address range, the first thing to do is change the management IP, the default gateway and the allowed management access network(s)/IP. You do so by connecting to the sensor over the console. You can configure these basic network settings in 2 ways: enter all the configuration commands on the CLI (if you know them), or run the interactive menu-type setup by issuing setup at the CLI prompt. I’ll show both ways, but let's start with the setup menu.
A short remark: the IPS sensor is one of the few devices in the Cisco family for which the GUI is the recommended and preferred way to configure, manage and communicate with it. The GUI is much more intuitive and simpler, and it produces the very same configuration on the device as the CLI does. The only times you may need the CLI are initial setup and debugging.

Configuring minimal required settings through setup menu:

  1. Connect to the device with a terminal;
  2. Enter the default user/password: cisco/cisco (or see the documentation that comes with the device);
  3. Run:

sensor#setup

  • First you are presented with the whole configuration currently set. Hit the Space key until it reaches the end and asks whether you want to enter the setup dialog, then type yes and press Enter:
    Continue with configuration dialog?[yes]:     
    Enter host name[sensor]: IPS4235  // Here I set hostname to IPS4235
    Enter IP interface[10.1.9.201/24,10.1.9.1]: 10.0.0.33/24,10.0.0.254 // Pay attention to the syntax for specifying the management IP, its subnet mask and the default gateway
    Enter telnet-server status[disabled]: enable   // I enable Telnet here, but you are advised to leave it disabled on production devices
    Enter web-server port[443]: // Default https listening port
    Modify current access list?[no]: yes
    Current access list entries:
      No entries
    Permit: 10.0.0.100/32       // I allow management access to the device from this specific station
    Permit:                     // Hit Enter to move to the next menu item
    Modify system clock settings?[no]: no
    Modify summer time settings?[no]: no
    Modify system timezone?[no]: no
    Modify interface/virtual sensor configuration?[no]: no
    Modify default threat prevention settings?[no]: 
    ------cut here------------
    exit exit 

After you finish all the menu items in the dialog, you are presented with the configuration you just entered:

    The following configuration was entered. 
    service host 
    network-settings 
    host-ip 10.0.0.33/24,10.0.0.254 
    host-name IPS4235 
    telnet-option enabled 
    access-list 10.0.0.100/32  
    ftp-timeout 300 
    no login-banner-text 
    exit 
    time-zone-settings 
    exit 
    summertime-option disabled 
    ntp-option disabled 
    exit 
    service web-server port 443 

At the end of the output you are given the following choices:

    [0] Go to the command prompt without saving this config. 
    [1] Return back to the setup without saving this config. 
    [2] Save this configuration and exit setup. 
     Enter your selection[2]:   2 

The device then asks to reboot for the changes to take effect; confirm that.
After the reboot you can connect to the sensor with a supported browser at the management IP: https://10.0.0.33
Also make sure the station you are connecting from has a Java virtual machine installed, as the GUI is entirely based on it.
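
A quick way to review the configuration summary that setup prints before you choose option 2, as an added example that is not part of the original post or of Cisco's tooling. It checks the three management-plane settings discussed above (Telnet, the management access list, the factory-default host IP); the function name, the finding texts and the `max_hosts` threshold are assumptions.

```python
import ipaddress

# Factory default quoted on this page; a sensor still using it was never set up.
DEFAULT_HOST_IP = "10.1.9.201/24,10.1.9.1"

# Constructed sample: the summary setup printed in the walkthrough above.
SAMPLE = """\
service host
network-settings
host-ip 10.0.0.33/24,10.0.0.254
host-name IPS4235
telnet-option enabled
access-list 10.0.0.100/32
ftp-timeout 300
no login-banner-text
exit
"""

def audit_setup(config, max_hosts=256):
    """Return findings; max_hosts is an assumed policy limit, not a Cisco value."""
    findings, acl = [], []
    for raw in config.splitlines():
        parts = raw.split()
        if not parts:
            continue
        key, args = parts[0], parts[1:]
        if key == "telnet-option" and args == ["enabled"]:
            findings.append("telnet-option enabled: cleartext management access")
        elif key == "host-ip" and args == [DEFAULT_HOST_IP]:
            findings.append("host-ip still at factory default")
        elif key == "access-list" and args:
            try:
                # strict=False accepts entries with host bits set, e.g. 10.1.9.201/24
                net = ipaddress.ip_network(args[0], strict=False)
            except ValueError:
                findings.append(f"access-list entry not parseable: {args[0]}")
                continue
            acl.append(net)
            if net.num_addresses > max_hosts:
                findings.append(f"access-list {net} permits {net.num_addresses} addresses")
    if not acl:
        findings.append("no access-list entries found")
    return findings

if __name__ == "__main__":
    for finding in audit_setup(SAMPLE):
        print(finding)
```

Run against the walkthrough's own configuration, it reports only the Telnet setting, since the access list is already limited to a single /32 station.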
