within a particular category by going to
System > Protection > Automated detection > Configuration
and
clicking on the name of the category. The examples are displayed above the
Status
section at the bottom of
the page.
Enabling automated protection
To enable intrusion protection on your VCS:
1. Go to
System > Administration
.
2. Set
Automated protection service
to
On
.
3. Click
Save
.
4. You must then ensure that the required protection categories are enabled and configured, and that any
required exemptions are specified, as described below.
All protection categories are disabled by default.
Configuring protection categories
The
Automated detection overview
page (
System > Protection > Automated detection >
Configuration
) is used to enable and configure the VCS's protection categories, and to view current activity.
The page displays a summary of all available categories, showing:
n
Status
: this indicates if the category is configured to be
On
or
Off
. When
On
, it additionally indicates the
state of the category: this is normally
Active
, but may temporarily display
Initializing
or
Shutting down
when
a category has just been enabled or disabled. Check the alarms if it displays
Failed
.)
n
Currently blocked
: the number of addresses currently being blocked for this category.
n
Total failures
: the total number of failed attempts to access the services associated with this category.
n
Total blocks
: the total number of times that a block has been triggered. Note that:
l
The
Total blocks
will typically be less than the
Total failures
(unless the
Trigger level
is set to 1).
l
The same address can be blocked and released several times per category, with each occurrence
counting as a separate block.
n
Exemptions
: the number of addresses that are configured as exempt from this category.
From this page, you can also view any currently blocked addresses or any exemptions that apply to a
particular category.
Enabling and disabling categories
To enable or disable one or more protection categories:
1. Go to
System > Protection > Automated detection > Configuration
.
2. Select the check box alongside the categories you want to enable or disable.
3. Click
Enable
or
Disable
as appropriate.
Configuring a category's blocking rules
To configure a category's specific blocking rules:
1. Go to
System > Protection > Automated detection > Configuration
.
2. Click on the name of the category you want to configure.
You are taken to the configuration page for that category.
Cisco VCS Administrator Guide (X8.1.1)
Page 37 of 507
Network and system settings
Intrusion protection