42-13
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter42 Configuring Attack Response Controller for Blocking and Rate Limiting
Blocking Page
Master Blocking Sensor Dialog Box
Use the Add or Modify Master Blocking Sensor dialog box to configure a master blocking sensor. For
more information about master blocking sensors, see Understanding the Master Blocking Sensor,
page 42-6.
Navigation Path
From the IPS Blocking policy, select the Master Blocking Sensors tab and click the Add Row button or
select an existing sensor and click the Edit Row button. For information on opening the Blocking policy,
see Blocking Page, page 42-8.
Field Reference
Enable Password The enable password for entering Privileged EXEC Mode (enable
mode), if required.
Table42-3 User Profile Dialog Box (Continued)
Element Description
Table42-4 Master Blocking Sensor Dialog Box
Element Description
IP Address The IP address of the master blocking sensor. Enter the IP address or
the name of a network/host policy object that contains a single host
address, or click Select to select an object from a list or to create a new
one.
Username The username to use to log in to the master blocking sensor. The user
account must be an active account configured on the master blocking
sensor.
Password The login password for the username.
Port The port on which to connect on the master blocking sensor. The
default is 443.
TLS Whether to use TLS.
If you select the TLS option, you must configure the ARC of the
blocking forwarding sensor to accept the TLS/SSL X.509 certificate of
the master blocking sensor remote host. (The blocking forwarding
sensor is any device to which you are assigning this blocking policy.)
The easiest way to configure the blocking forwarding sensor to accept
the X.509 certificate is to use the IPS Device Manager (IDM) to log into
the sensor, choose Configuration > Sensor Management >
Certificates > Trusted Hosts > Add Trusted Host, and add the master
blocking sensor as a trusted host. Alternatively, you can log into the
sensor CLI, enter configuration mode, and use the tls trusted-host
ip-address command.