Technote (FAQ)
Question
What settings do you use for kill/reset packets on Crossbeam when running in IDS/passive mode?
Related Articles:
Technote 1436157 - Known Issues for Proventia for Crossbeam
Technote 1436163 - LMI/Web Interface Update Option to Back Up Before Installation
Technote 1436166 - SiteProtector policies are not updated automatically when registered in SP with Proventia Crossbeam IPS
Technote 1436169 - "Set Policy Requested Failed" Popup Appears When Saving User Defined Responses with Unsafe Script Location
Technote 1436173 - LMI Not Accessed When Changing Max-load-count
Technote 1436192 - Proventia Crossbeam Bug with the NPMs sending information to the APMs (VAP Failures)
Technote 1436182 - Netengine Killed When Local Tuning Parameters Applied and tcpdump/tethereal is Running
Cause
When Proventia IPS is configured for monitoring mode, it must also be configured to use a dedicated kill circuit so that reset packets are transmitted properly. This means that the Proventia IPS configuration setting sensor.vnd.killport must be set to killPort, and sensor.adapter.reset must contain the name of a properly configured kill circuit (refer to the XOS IDS user's guide for configuring the circuit).
When Proventia IPS is configured in protection or simulation mode, sensor.vnd.killport may be set to thisPort.
Note: This applies only to monitoring mode. Each monitored circuit must be configured in promiscuous mode. This mode causes the circuit to act as a read-only device that is capable of handling traffic in one direction only -- towards the VAP. Reset packets generated by the Proventia IPS will therefore not be transmitted correctly on a monitored circuit. Proper handling of reset packets requires a dedicated kill circuit for each IDS VAP Group on a chassis in all cases -- regardless of whether the IDS is used in a serialized application deployment with another product, e.g., a firewall, or is deployed as a stand-alone application.
Answer
User's guide text:
Name: sensor.vnd.killport
Type: string
Default Value: thisPort
Note: other value is killPort
Description: Specifies the kill port used for TCP resets for the specified VND.
Note: If your application is in passive monitoring mode, set the value to killPort. This value provides a dedicated circuit for reset/kill packets.
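The following is an added example, not IBM's own tooling or part of the original technote. It encodes the rule above as a configuration check so that a sensor left in passive monitoring mode with the default sensor.vnd.killport=thisPort (and no sensor.adapter.reset circuit) is flagged before its kill responses silently fail. The name=value input format is an assumption for the example; adapt parse_params to however you export tuning parameters from your LMI or SiteProtector. The circuit name kill-circuit-1 is a placeholder, not a name from the technote.

```python
"""Check Proventia IPS tuning parameters for a working reset/kill path.

Added example, not IBM's code. Assumes the parameters are available as
simple name=value lines (constructed samples below).
"""

# Values documented on the technote for sensor.vnd.killport.
DOCUMENTED_KILLPORT_VALUES = {"thisPort", "killPort"}


def parse_params(text: str) -> dict:
    """Parse name=value lines, ignoring blank lines and # comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue  # not a name=value line; skip it
        params[name.strip()] = value.strip()
    return params


def check_reset_config(params: dict, mode: str) -> list:
    """Return a list of findings (empty list means OK) for the given mode.

    mode is 'monitoring', 'protection' or 'simulation', as named on the
    technote. Only monitoring (passive) mode needs the dedicated kill circuit.
    """
    findings = []
    # thisPort is the documented default when the parameter is absent.
    killport = params.get("sensor.vnd.killport", "thisPort")
    reset_circuit = params.get("sensor.adapter.reset", "")

    if killport not in DOCUMENTED_KILLPORT_VALUES:
        documented_lower = {v.lower() for v in DOCUMENTED_KILLPORT_VALUES}
        if killport.lower() in documented_lower:
            # Assumption: the product may be case-sensitive; flag for review.
            findings.append(
                f"sensor.vnd.killport={killport!r} differs in case from the "
                "documented value; verify it is accepted")
        else:
            findings.append(
                f"sensor.vnd.killport={killport!r} is not a documented value "
                "(thisPort or killPort)")

    if mode == "monitoring":
        if killport != "killPort":
            findings.append(
                "monitoring mode requires sensor.vnd.killport=killPort; resets "
                "sent on a promiscuous monitored circuit are not transmitted "
                "correctly")
        if not reset_circuit:
            findings.append(
                "monitoring mode requires sensor.adapter.reset to name the "
                "dedicated kill circuit")
    elif mode not in ("protection", "simulation"):
        findings.append(f"unknown mode {mode!r}")
    return findings


# Constructed sample: a passive sensor left at the documented default.
SAMPLE_PASSIVE_DEFAULTS = """
sensor.vnd.killport=thisPort
"""

# Constructed sample: the corrected passive configuration.
# kill-circuit-1 is a placeholder circuit name.
SAMPLE_PASSIVE_FIXED = """
sensor.vnd.killport=killPort
sensor.adapter.reset=kill-circuit-1
"""

if __name__ == "__main__":
    for label, text in (("defaults", SAMPLE_PASSIVE_DEFAULTS),
                        ("fixed", SAMPLE_PASSIVE_FIXED)):
        result = check_reset_config(parse_params(text), "monitoring")
        print(label, "->", result or "OK")
```

Run the check against the parameters of every VAP Group that operates in monitoring mode; the same defaults produce no findings for protection or simulation mode, where thisPort is acceptable.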
If the above information does not resolve your issue, please contact IBM Security Systems Customer Support.
Historical Number
4704
Product Alias/Synonym
Proventia for Crossbeam