Step 1
|
enable
|
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2
|
configure terminal
Device# configure terminal
|
Enters global configuration mode.
|
Step 3
|
interface type number
Device(config)# interface gigabitethernet 0/0/0
|
Configures an interface and enters interface configuration mode.
|
Step 4
|
utd enable
Device(config-if)# utd enable
|
Enables unified threat defense (UTD).
|
Step 5
|
exit
|
Exits interface configuration mode and returns to global configuration mode.
|
Step 6
|
Repeat Steps 3 to 5 on all interfaces that require inspection.
|
|
Step 7
|
utd threat-inspection whitelist
Device(config)# utd threat-inspection whitelist
|
(Optional) Enables the UTD allowed list configuration mode.
|
Step 8
|
generator id generator-id signature id signature-id [comment description]
Device(config-utd-whitelist)# generator id 24 signature id 24245 comment traffic from branchoffice1
|
Configures signature IDs to appear on the allowed list.
- Signature IDs can be copied from alerts that need to be suppressed.
- You can configure multiple signature IDs.
- Repeat this step for each signature ID that needs to appear on the allowed list.
|
Step 9
|
exit
Device(config-utd-whitelist)# exit
|
Exits UTD allowed list configuration mode and returns to global configuration mode.
|
Step 10
|
utd engine standard
Device(config)# utd engine standard
|
Configures the unified threat defense (UTD) standard engine and enters UTD standard engine configuration mode.
|
Step 11
|
logging {host hostname | syslog}
Device(config-utd-eng-std)# logging syslog
|
Enables the logging of critical messages to the IOSd syslog.
|
Step 12
|
threat-inspection
Device(config-utd-eng-std)# threat-inspection
|
Configures threat inspection for the Snort engine.
|
Step 13
|
threat {detection | protection}
Device(config-utd-eng-std-insp)# threat detection
|
Configures threat protection or Intrusion Detection System (IDS) as the operating mode for the Snort sensor.
- Configure the protection keyword to configure Intrusion Prevention System (IPS).
|
Step 14
|
policy {balanced | connectivity | security}
Device(config-utd-eng-std-insp)# policy balanced
|
Configures the security policy for the Snort sensor.
|
Step 15
|
whitelist
Device(config-utd-eng-std-insp)# whitelist
|
(Optional) Enables allowed listing of traffic.
|
Step 16
|
signature update occur-at {daily | monthly day-of-month | weekly day-of-week} hour minute
Device(config-utd-eng-std-insp)# signature update occur-at daily 0 0
|
Configures the signature update interval parameters. This configuration will trigger the signature update to occur at midnight.
|
Step 17
|
signature update server {cisco | url url} [username username [password password]]
Device(config-utd-eng-std-insp)# signature update server cisco username abcd password cisco123
|
Configures the signature update server parameters. You must specify the signature update parameters with the server details. If you use Cisco.com for signature updates, you must provide the username and password. If you use a local server for signature updates, you can provide the username and password, depending on the server settings.
|
Step 18
|
logging level {alert | crit | debug | emerg | err | info | notice | warning}
Device(config-utd-eng-std-insp)# logging level crit
|
|
Step 19
|
exit
Device(config-utd-eng-std-insp)# exit
|
Exits UTD standard engine configuration mode and returns to global configuration mode.
|
Step 20
|
utd
|
Enables unified threat defense (UTD) and enters UTD configuration mode.
|
Step 21
|
redirect interface virtualPortGroup interface-number
Device(config-utd)# redirect interface virtualPortGroup 1
|
(Optional) Redirects to a VirtualPortGroup interface. This is the data traffic interface. If you do not configure this interface, it is auto-detected.
|
Step 22
|
engine standard
Device(config-utd)# engine standard
|
Configures the Snort-based unified threat defense (UTD) engine and enters standard engine configuration mode.
|
Step 23
|
fail close
Device(config-engine-std)# fail close
|
(Optional) Defines the action when there is a UTD engine failure. The default option is fail-open. The fail-close option drops all the IPS/IDS traffic when there is a UTD engine failure. The fail-open option allows all the IPS/IDS traffic when there is a UTD engine failure.
|
Step 24
|
exit
Device(config-eng-std)# exit
|
Exits standard engine configuration mode and returns to global configuration mode.
|
Step 25
|
end
|
Exits configuration mode and returns to EXEC mode.
|
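Once Steps 3 to 23 are applied, the resulting settings can be reviewed mechanically. The following is an added example, not part of the original procedure or of Cisco's tooling: a Python check (hypothetical function `audit_utd`) over configuration text that is assumed to use the same command keywords as the steps above, one per line with sub-mode commands indented. The sample configuration is constructed.

```python
import re

# Constructed sample: commands from the steps above, sub-mode commands indented.
# Interface 0/0/1 and signature 1:1000001 are made-up values for the demo.
SAMPLE = """\
interface gigabitethernet 0/0/0
 utd enable
interface gigabitethernet 0/0/1
utd threat-inspection whitelist
 generator id 24 signature id 24245 comment traffic from branchoffice1
 generator id 1 signature id 1000001
utd engine standard
 threat-inspection
  threat detection
"""

def audit_utd(config):
    """Collect the UTD settings from the procedure and return review findings."""
    ifaces, iface = {}, None
    mode, fail_close, wl_applied = None, False, False
    suppressed, notes = [], []
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):              # a top-level command
            m = re.match(r"interface\s+(.+)", line)
            iface = m.group(1) if m else None
            if iface:
                ifaces.setdefault(iface, False)
        elif iface and line == "utd enable":     # Step 4
            ifaces[iface] = True
        elif m := re.match(r"threat (detection|protection)$", line):  # Step 13
            mode = m.group(1)
        elif line == "fail close":               # Step 23
            fail_close = True
        elif line == "whitelist":                # Step 15
            wl_applied = True
        elif m := re.match(r"generator id (\d+) signature id (\d+)( comment .+)?$", line):
            suppressed.append((m.group(1), m.group(2), bool(m.group(3))))
    for name in sorted(n for n, on in ifaces.items() if not on):
        notes.append(f"{name}: no 'utd enable', so not inspected")
    if mode != "protection":
        notes.append(f"mode={mode}: IDS, alerts only; 'threat protection' is IPS")
    if not fail_close:
        notes.append("fail-open (default): traffic is allowed if the UTD engine fails")
    if suppressed and not wl_applied:
        notes.append("allowed-list entries exist but 'whitelist' is not enabled")
    notes += [f"{g}:{s} suppressed without a comment" for g, s, c in suppressed if not c]
    return notes
```

Each finding maps to one step of the procedure, so an empty list means every interface listed has `utd enable`, the sensor runs as IPS with `fail close`, and every suppressed signature carries a comment.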