35-29
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter3 5 Getting Started with IPS Configuration
Configuring IPS Security Settings
Configuring IPS Security Settings
Use the IPS Security Settings policy to configure two items that are important to the security of your IPS
devices:
Permit packet capture logging—With this feature, IPS devices can prevent users from arbitrarily
executing packet capture/display/iplog commands. In previous versions of Security Manager, such
actions leave no trace of who executed the command.
Configurable idle timeout—When configured, this feature terminates the connection to an IPS
device after a period of time that you specify. Its purpose is to increase the security of a CLI session.
Note These settings are available for devices operating with IPS 7.1.3 and later.
To configure IPS security settings, select one of the following policies:
(Device view) Select Platform > Security >Settings from the Policy selector.
(Policy view) Select IPS > Platform > Security > Settings from the Policy Type selector, then
select an existing policy or create a new one.
The following table explains the IPS security settings that you can configure.
Table35-9 IPS Security Settings Policy
Element Description
Permit packet logging Whether to enable packet logging; applies to packet
capture/display/iplog commands.
CLI Inactivity Timeout (In
Minutes)
Terminates the connection to an IPS device after the specified period of
time.