Sensor Setup Window
In the two Sensor Setup window, you can configure the sensor for basic operation. Most of the fields will already be populated because you assigned the values during initialization. But you can change them here if needed.
Field Definitions
The following fields are found in the Sensor Setup window:
-
Network Settings—Lets you set the network settings of the sensor:
– Host Name—Specifies the name of the sensor. The hostname can be a string of 1 to 64 characters that matches the pattern ^[A-Za-z0-9_/-]+$. The default is sensor. You receive an error message if the name contains a space or exceeds 64 alphanumeric characters.
– IP Address—Specifies the IP address of the sensor. The default is 192.168.1.2.
– Subnet Mask—Specifies the mask corresponding to the IP address. The default is 255.255.255.0.
– Gateway—Specifies the default gateway address. The default is 192.168.1.1.
– HTTP Proxy Server—Lets you enter an HTTP proxy server IP address. You may need proxy servers to download global correlation updates if customer networks use proxy in their networks.
– HTTP Proxy Port—Lets you enter the port number for the HTTP proxy server.
– DNS Primary—Lets you enter the primary DNS server IP address.
Caution For automatic and global correlation updates to function, you must have either a DNS server or an HTTP proxy server configured at all times.
Caution DNS resolution is supported only for accessing the automatic update and global correlation update server.
-
Allowed hosts/networks that can access the sensor—Lets you add ACLs:
– Network—Specifies the IP address of the network you want to add to the access list.
– Mask—Specifies the netmask of the network you want to add to the access list.
Note If you change the sensor ACL entries, the IME may lose connection to the sensor when the changes are applied.
-
Network Participation—Lets you chose to participate in sending data to the SensorBase Network and at which level you want to participate:
– Off—No data is contributed to the SensorBase Network.
– Partial—Data is contributed to the SensorBase Network, but data considered potentially sensitive is filtered out and never sent.
– Full—All data is contributed to the SensorBase Network.
Sensor Setup Wind
In the two Sensor Setup windows, you can configure the sensor for basic operation. Most of the fields will already be populated because you assigned the values during initialization. But you can change them here if needed.
Field Definitions
-
Current Sensor Date and Time—Sets the time and date for appliances that are not configured with an NTP server:
– Date—Specifies the sensor local date. When you update the time and date, click
Apply Date/Time to Sensor
to have it go in to effect.
– Apply Date/Time to Sensor—Immediately updates the time and date on the sensor.
Note If you cancel the Startup Wizard, the date and time changes remain.
-
Time Zone—Sets the zone name and UTC offset:
– Zone Name—Specifies the local time zone when summertime is not in effect. The default is UTC. You can choose from a predefined set of 37 time zones, or you can create a unique name (24 characters) in the following pattern: ^[A-Za-z0-9()+:,_/-]+$
– Offset—Specifies the local time zone offset in minutes. The default is 0. If you select a predefined time zone this field is populated automatically.
Note Changing the time zone offset requires the sensor to reboot.
-
NTP Server—Lets you configure the sensor to use an NTP server as its time source:
– IP Address—Specifies the IP address of the NTP server if you use this to set time on the sensor.
– Authenticated NTP—Lets you use authenticated NTP, which requires a key and key ID.
– Key—Specifies the NTP MD5 key type.
– Key ID—Specifies the ID of the key (1 to 65535) used to authenticate on the NTP server. You receive an error message if the key ID is out of range.
Note We recommend that you use an NTP server as the sensor time source.
-
Summertime—Lets you configure the summer mode:
– Enable Summertime—Check to enable summertime mode. The default is disabled.
– Configure Summertime—Click to configure summertime settings.
Configuring Sensor Settings
To configure sensor settings in the Startup Wizard, follow these steps:
Step 1 Log in to the IME using an account with administrator privileges.
Step 2 Choose
Configuration >
sensor_name
> Sensor Setup > Startup Wizard > Launch Startup Wizard
, and then click
Next
.
Step 3 In the Host Name field, enter the sensor name.
Step 4 In the IP Address field, enter the sensor IP address.
Step 5 In the Subnet Mask field, enter the network mask address.
Step 6 In the Gateway field, enter the default gateway address.
Note If you change the sensor network settings, the IME loses connection to the sensor when the changes are applied.
Step 7 To configure either an HTTP proxy server or a DNS server to support automatic updates and global correlation, enter the HTTP proxy server IP address in the HTTP Proxy Server field and the port number in the HTTP Proxy Port field, or enter the DNS server IP address in the DNS Primary field. If you do not want to turn on global correlation, click
OK
on the following Warning dialog box:
Global correlation requires either an HTTP proxy server or at least one DNS server.
If you are using a DNS server, you must configure at least one DNS server and it must be reachable for automatic updates and global correlation updates to be successful. You can configure other DNS servers as backup servers. DNS queries are sent to the first server in the list. If it is unreachable, DNS queries are sent to the next configured DNS server.
Caution For automatic and global correlation updates to function, you must have either a DNS server or an HTTP proxy server configured at all times.
Caution DNS resolution is supported only for accessing the automatic update or global threat correlation update server.
Step 8 To configure the hosts and networks that are allowed to access the sensor, click
Add
:
a. In the IP Address field, enter the IP address of the host you want to have access to the sensor.
b. In the Network Mask field, enter the network mask address of the host you want to have access to the sensor.
c. Click
OK
.
Tip To discard your changes and close the Add ACL Entry dialog box, click Cancel.
Step 9 To enable network participation, select the degree of network participation that you want:
-
Off—No data is contributed to the SensorBase Network.
-
Partial—Data is contributed to the SensorBase Network, but data considered potentially sensitive is filtered out and never sent.
-
Full—All data is contributed to the SensorBase Network.
Note The default is Off. If you chose Partial or Full, you must agree to the Network Participation Disclaimer.
Tip To discard your changes and close the Sensor Setup window, click Cancel.
Step 10 Click
Next
to continue to the next Setup window.
Step 11 Under Current Sensor Date and Time, select the current date and time from the drop-down calendar, and then click
OK
, and then click
Apply Date/Time to Sensor
. Date and time indicate the date and time on the local host.
Caution If you accidentally specify the incorrect time, stored events have the wrong time stamp. You must clear the events.
Note If you cancel the Startup Wizard, the date and time changes remain.
Note You cannot change the date or time on IPS modules or if you have configured NTP.
Step 12 Under Time Zone, configure the time zone and offset:
a. In the Zone Name field, choose a time zone from the drop- down list, or enter one that you have created. This is the time zone to be displayed when summertime hours are not in effect.
b. In the Offset field, enter the offset in minutes from UTC. If you choose a predefined time zone name, this field is automatically populated.
Note Changing the time zone offset requires the sensor to reboot.
Step 13 If you are using NTP synchronization, under NTP Server enter the following:
-
The IP address of the NTP server in the IP Address field.
-
If using authenticated NTP, check the
Authenticated NTP
check box, and then enter the key of the NTP server in the Key field, and the key ID of the NTP server in the Key ID field.
Note If you define an NTP server, the sensor time is set by the NTP server. The CLI clock set command produces an error, but time zone and daylight saving time parameters are valid.
Step 14 To enable daylight saving time, check the
Enable Summertime
check box, and then click
Configure Summertime
.
Step 15 Choose the Summer Zone Name from the drop-down list or enter one that you have created. This is the name to be displayed when daylight saving time is in effect.
Step 16 In the Offset field, enter the number of minutes to add during summertime. If you choose a predefined summer zone name, this field is automatically populated.
Step 17 In the Start Time field, enter the time to apply summertime settings.
Step 18 In the End Time field, enter the time to remove summertime settings.
Step 19 Under Summertime Duration, choose whether summertime settings will occur on specified days each year (recurring) or whether they will start and end on specific dates (date):
a. Recurring—Choose the Start and End times from the drop-down lists. The default is the second Sunday in March and the first Sunday in November.
b. Date—Choose the Start and End time from the drop-down lists. The default is January 1 for the start and end time.
Step 20 Click
OK
.
Tip To discard your changes, click Cancel.
Step 21 Click
Next
to continue through the Startup Wizard.
Note Changing the network settings may disrupt your connection to the sensor and force you to reconnect with the new address.