You can configure Intrusion Prevention policy with a configuration wizard. The Intrusion Prevention configuration workflow contains the following components:
- Administration Settings
- Intrusion Prevention Configuration
- Apply IPS Policy to a device
In Cisco vManage NMS, select the Administration ► Settings tab in the left side panel to configure IPS Signature Update. Click on Edit to Enable/Disable and provide Username and Password details to save the Policy details as shown in the following screenshot.
Intrusion Prevention Configuration
To configure Intrusion Prevention through Security, use the vManage security configuration wizard:
1. In Cisco vManage NMS, select the Configuration ► Security tab in the left side panel.
2. Click Add Security Policy. The Add Security Policy wizard opens, and various use-case scenarios display.
3. In Add Security Policy, select Direct Internet Access.
4. Click Proceed to add an Intrusion Prevention policy in the wizard.
5. In the Add Security Policy wizard, select Intrusion Prevention tab to create a new Intrusion Prevention Policy.
6. Click the Add Intrusion Prevention Policy drop-down, select Create New to create a new Intrusion Prevention policy. The Intrusion Prevention - Policy Rule Configuration wizard appears.
7. Enter a policy name in the Policy Name field.
8. Choose signature set from the Signature Set drop-down. The following options are available:
9. Choose mode of operation from the Inspection Mode drop-down. The following options are available:
10. From the Advanced tab, choose an existing whitelist profile or create a new one from the Signature Whitelist drop-down.
11. Choose alert level for syslogs from the Alert Log Level drop-down. The options are:
12. Click on Target VPNs to add required number of VPNs in Add Target VPNs wizard.
13. Click Save Changes to add an Intrusion Prevention policy.
14. Click on Policy Summary tab to attach a policy to Security Master Policy Configuration.
15. Enter Security Policy Name and Security Policy Description in the respective fields.
16. In the Additional Policy Settings tab ► Intrusion Prevention and/or URL Filtering, choose the following options:
- External Syslog Server VPN
- Server IP
- Failure Mode – Open/Close
17. Click Save Policy Changes to configure Intrusion Security policy.
18. You can edit the existing Intrusion Prevention policy by clicking on Custom Options in the right-side panel of vManage ► Configuration ► Security wizard.
Applying Intrusion Prevention Policy to a Device
1. In vManage NMS, select the Configuration ► Templates screen.
2. In the Device tab, from the Create Template drop-down, select From Feature Template.
3. From the Device Model drop-down, select one of the IOS XE SD-WAN devices.
4. Click the Additional Templates tab located directly beneath the Description field. The screen scrolls to the Additional Templates section.
5. From the Security Policy drop-down, select the name of the Intrusion Policy you configured in the above procedure.
6. Click Create to apply Intrusion policy to a device.
Monitoring Intrusion Prevention Feature
You can monitor the Intrusion Prevention System (IPS) signature violations by severity and by count using the following steps.
To monitor the Signatures of IPS Configuration on IOS XE SD-WAN device:
- From the Monitor ► Network screen, select a device.
2. In the left panel, under Security Monitoring, select Intrusion Prevention tab. The Intrusion Prevention wizard displays.
3. Click on By Count to monitor the Signature hit count that are violated.