
Configuring and Managing Cisco Guard Mitigation

This section briefly outlines the configuration parameters for the Cisco Guard Mitigation device.

Similar to the Detector software, the Guard Mitigation device can be configured using either the command-line interface (CLI) or the built-in web-based GUI (WBM).

The Guard needs to be initialized using CLI for basic parameters such as the IP address, gateway, routes, and ACL. After the Guard is initialized and routable in the network, it can be accessed using the web-based GUI to configure the remaining tasks.

Several command modes on the Guard CLI are available for user access. The access is mapped according to various CLI privilege levels, in a manner that is similar to the Detector software. By default, the user admin account is available with full administrative access rights to the Guard CLI.

Table 22-2 provides details of the various command and configuration modes used in the Guard CLI.

Table 22-2. Guard Command Configuration Modes
Mode: Global
Description: Allows connection to remote devices and lists system information.

The Global prompt is the default prompt when you log in to the Guard. The command prompt is as follows:

user@GUARD#

Mode: Configuration
Description: Allows configuration of features that affect the Guard operation and have restricted user access.

To enter configuration mode, use the configure command in global mode. The command prompt is as follows:

user@GUARD-conf#

Mode: Interface configuration
Description: Allows configuration of the Guard networking interfaces.

To enter interface configuration mode, use the interface command in configuration mode. The command prompt is as follows:

user@GUARD-conf-if-<interface-name>#

Mode: Router configuration
Description: Allows configuration of the Guard routing configuration.

To enter router configuration mode, use the router command in configuration mode. The command prompt is as follows:

router>

Mode: Zone configuration
Description: Allows configuration of the zone attributes.

To enter zone configuration mode, use the zone command in configuration mode or use the configure command in global mode. The command prompt is as follows:

user@GUARD-conf-zone-<zone-name>#

Mode: Policy template configuration
Description: Allows configuration of the zone policy templates.

To enter policy template configuration mode, use the policy-template command in zone configuration mode. The command prompt is as follows:

user@GUARD-conf-zone-<zone-name>-policy_template-<policy-template-name>#

Mode: Policy configuration
Description: Allows configuration of the zone policies.

To enter policy configuration mode, use the policy command in zone configuration mode. The command prompt is as follows:

user@GUARD-conf-zone-<zone-name>-policy-<policy-path>#


Managing the Guard

As mentioned earlier, the Guard needs to be initialized by using the CLI Console access.

However, the Guard can be accessed and managed using one of the following methods:

Initializing the Guard Using the CLI Console Access

After the Guard boot process finishes, log in through the CLI console using the default username admin and password rhadmin.

Note

The Guard has four physical interfaces: eth0, eth1, giga0, and giga1. The out-of-band interfaces are eth0 and eth1 (10/100/1000 Ethernet sockets for out-of-band management). Either eth0 or eth1 must be configured with an IP address and subnet mask. The in-band interfaces (copper or fiber socket) are giga0 and giga1.


Example 22-2 shows basic initial configuration parameters in the configuration mode that are used to activate the out-of-band management interface, assign the default gateway, and enable the built-in web-based GUI service for management (WBM).

By default, the Guard restricts connections to itself, and any user trying to access the Guard must be explicitly permitted within the ACL. Example 22-2 shows a host located at IP address 10.1.1.150 that is being permitted in the ACL so that it can manage the Guard by using the built-in web-based GUI manager (WBM) application.

Example 22-2. Basic Guard Initialization Parameters Using CLI Console

user@GUARD-conf# interface eth1
user@GUARD-conf-if-eth1# ip address 192.168.10.1 255.255.255.0
user@GUARD-conf-if-eth1# no shutdown
user@GUARD-conf-if-eth1# exit
user@GUARD-conf# default-gateway 192.168.10.254
user@GUARD-conf# service wbm
user@GUARD-conf# permit wbm 10.1.1.150
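
The management ACL described above can be reviewed from a captured CLI transcript. The following Python is an added example, not part of the original text or of Cisco's tooling: it classifies each prompt by the modes in Table 22-2 and reports permitted hosts that are not on an approved list. The function names, the approved_hosts parameter, the hyphen-free hostname, and the expectation that service and permit are entered in configuration mode (as in Example 22-2) are assumptions.

```python
import re

# "<prompt> <command>" lines as in Example 22-2; Guard prompts end in '#' or '>'.
LINE = re.compile(r"^(?P<prompt>\S+[#>])\s+(?P<cmd>\S.*)$")

def mode_of(prompt):
    """Map a prompt to its Table 22-2 mode (assumes no '-' in the hostname)."""
    if prompt == "router>":
        return "router"
    m = re.match(r"^[^@\s]+@[^-\s]+(?P<suffix>(?:-\S+)?)#$", prompt)
    if not m:
        return "unknown"
    s = m["suffix"]
    if s in ("", "-conf"):
        return "configuration" if s else "global"
    if s.startswith("-conf-if-"):
        return "interface"
    if s.startswith("-conf-zone-"):
        if "-policy_template-" in s:
            return "policy-template"
        return "policy" if "-policy-" in s else "zone"
    return "unknown"

def audit(transcript, approved_hosts):
    """Return (permits, findings); permits maps service -> permitted hosts."""
    services, permits, findings = set(), {}, []
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["cmd"].split()[0] not in ("service", "permit"):
            continue
        words = m["cmd"].split()
        if mode_of(m["prompt"]) != "configuration":  # assumption drawn from Example 22-2
            findings.append(f"'{m['cmd']}' not issued in configuration mode")
        if words[0] == "service" and len(words) == 2:
            services.add(words[1])
        elif words[0] == "permit" and len(words) >= 3:
            permits.setdefault(words[1], set()).add(words[2])
    # The Guard denies management access by default, so a service with no
    # permit entry is unreachable and an unexpected permit widens access.
    for svc in sorted(services - set(permits)):
        findings.append(f"{svc}: enabled but no host permitted")
    for svc, hosts in sorted(permits.items()):
        for host in sorted(hosts - set(approved_hosts)):
            findings.append(f"{svc}: {host} is not an approved management host")
    return permits, findings

# Constructed sample: Example 22-2's WBM lines plus one unapproved host (10.9.9.9).
SAMPLE = """user@GUARD-conf# service wbm
user@GUARD-conf# permit wbm 10.1.1.150
user@GUARD-conf# permit wbm 10.9.9.9"""
print(audit(SAMPLE, {"10.1.1.150"})[1])
```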

In addition to the previous sample configuration, other basic parameters can also be configured optionally:

After the basic initial parameters have been configured using the CLI, the Guard can be managed from a standard web browser (Internet Explorer) on a desktop PC by entering the following address:

https://Guard-ip-address/

Note

The Guard also supports TACACS+ for user authentication. If configured, the Guard uses the TACACS+ user database for user authentication instead of its local database.


Configuring the Guard (Zones, Filters, Policies, Learning Process)

After initializing the Guard as shown in the previous section, several other parameters need to be configured on the Guard to complete the configuration, such as zones, zone filters, and policies. These can be configured using the CLI console, but are best implemented using the built-in web-based GUI manager application.

The following section highlights some of the basic concepts of configuring Zones, Zone Filters, Policies, Guard Learning phase, and activating anomaly detection and the Guard device.

As discussed previously, several parameters need to be configured to complete the Cisco Guard Mitigation deployment (refer to Table 22-2).

The entire configuration can be accomplished either via CLI console access or the built-in GUI WBM application.

For complete details on configuring the various options, refer to the Cisco technical documentation.

