{"id":632,"date":"2011-01-11T18:46:57","date_gmt":"2011-01-11T17:46:57","guid":{"rendered":"https:\/\/thebc.ch\/blog\/?p=632"},"modified":"2013-02-01T12:53:25","modified_gmt":"2013-02-01T11:53:25","slug":"tippingpoint-konfigurations-faq","status":"publish","type":"post","link":"https:\/\/thebc.ch\/blog\/?p=632","title":{"rendered":"Tippingpoint Konfigurations FAQ"},"content":{"rendered":"<div class='toc toc'>\n<h2>Contents<\/h2>\n<ul class='toc-odd level-1'>\n\t<li>\n\t\t<a href=\"#Links\">Links<\/a>\n\t<\/li>\n\t<li>\n\t\t<a href=\"#IPS\">IPS<\/a>\n\t\t<ul class='toc-even level-2'>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Allgemeine_Infos\">Allgemeine Infos<\/a>\n\t\t\t\t<ul class='toc-odd level-3'>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Serial\">Serial<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Reset\">Reset<\/a>\n\t\t\t\t<ul class='toc-odd level-3'>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Reset_SuperUser_Password\">Reset SuperUser Password<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#How_to_Reset_an_IPS_to_Factory_Settings\">How to Reset an IPS to Factory Settings<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Management\">Management<\/a>\n\t\t\t\t<ul class='toc-odd level-3'>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Disable_SMS_Mgmt.\">Disable SMS Mgmt.<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Enable_SMS_Mgmt.\">Enable SMS Mgmt.<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Show_SMS_configuration\">Show SMS configuration<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Configuring_restrict_the_Management_Port_of_the_IPS\">Configuring (restrict) the Management Port of the IPS<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Using_Non_IE_Browser\">Using Non IE Browser<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Version\">Version<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t<li>\n\t\t\t\t<a href=\"#Stats\">Stats<\/a>\n\t\t\t\t<ul class='toc-odd level-3'>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Rules_number_of_flows_successful_matches\">Rules, number of flows, successful matches<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Packet_Statistic\">Packet Statistic<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Port_status_RX_TX_Autoneg\">Port status, RX, TX, Autoneg<\/a>\n\t\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n<\/ul>\n\t\t\t<li>\n\t\t\t\t<a href=\"#SMS\">SMS<\/a>\n\t\t\t\t<ul class='toc-even level-2'>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Allgemeine_Infos_1\">Allgemeine Infos<\/a>\n\t\t\t\t\t\t<ul class='toc-odd level-3'>\n\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t<a href=\"#Serial_1\">Serial<\/a>\n\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t<a href=\"#Default_Password_case_sensitive\">Default Password (case sensitive!!!!)<\/a>\n\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Reset_1\">Reset<\/a>\n\t\t\t\t\t\t<ul class='toc-odd level-3'>\n\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t<a href=\"#Recovering_a_Lost_SMS_SuperUser_Password\">Recovering a Lost SMS SuperUser Password<\/a>\n\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t<a href=\"#Resetting_the_SMS_to_Factory_Defaults\">Resetting the SMS to Factory Defaults<\/a>\n\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Management_1\">Management<\/a>\n\t\t\t\t\t\t<ul class='toc-odd level-3'>\n\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t<a href=\"#How_to_Enable_Pinging_of_the_SMS\">How to Enable Pinging of the SMS<\/a>\n\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t<a href=\"#Lock_Down_the_SMS_Webpage_on_GUI\">Lock Down the SMS Webpage on GUI<\/a>\n\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#CLI_commands\">CLI commands<\/a>\n\t\t\t\t\t\t<ul class='toc-odd level-3'>\n\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t<a href=\"#New_2.5_commands\">New 2.5 commands<\/a>\n\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n<\/ul>\n\t\t\t\t\t<li>\n\t\t\t\t\t\t<a href=\"#Allgemeine_Infos_2\">Allgemeine Infos<\/a>\n\t\t\t\t\t\t<ul class='toc-even level-2'>\n\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t<a href=\"#Security_Levels\">Security Levels<\/a>\n\t\t\t\t\t\t\t<\/li>\n\t\t\t\t\t\t\t<li>\n\t\t\t\t\t\t\t\t<a href=\"#Zustzliche_Filter_konfiguration\">Zus\u00c3\u00a4tzliche Filter konfiguration<\/a>\n\t\t\t\t\t\t\t<\/li>\n<\/ul>\n<\/ul>\n<\/ul>\n<\/div>\n<div class='toc-end'>&nbsp;<\/div>\n<span id=\"Links\"><h2>Links<\/h2><\/span>\n<ul>\n<li><a title=\"http:\/\/lists.unc.edu\/read\/all_forums\/subscribe?name=tippingpoint\" href=\"http:\/\/lists.unc.edu\/read\/all_forums\/subscribe?name=tippingpoint\" rel=\"nofollow\">Mailinglist<\/a><\/li>\n<li><a title=\"http:\/\/www.tippingpoint.com\/products_ips.html\" href=\"http:\/\/www.tippingpoint.com\/products_ips.html\" rel=\"nofollow\">Product Information<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><a id=\"IPS\" name=\"IPS\"><\/a><\/p>\n<span id=\"IPS\"><h2>IPS<\/h2><\/span>\n<p><a id=\"allgemeine_Infos\" name=\"allgemeine_Infos\"><\/a><\/p>\n<span id=\"Allgemeine_Infos\"><h3>Allgemeine Infos<\/h3><\/span>\n<p><a id=\"Serial\" name=\"Serial\"><\/a><\/p>\n<span id=\"Serial\"><h4>Serial<\/h4><\/span>\n<pre>115200 bps, 8 Data Bits, Parity None, Stop Bits 1<\/pre>\n<p>&nbsp;<\/p>\n<p><a id=\"Reset\" name=\"Reset\"><\/a><\/p>\n<span id=\"Reset\"><h3>Reset<\/h3><\/span>\n<p><a id=\"Reset_SuperUser_Password\" name=\"Reset_SuperUser_Password\"><\/a><\/p>\n<span id=\"Reset_SuperUser_Password\"><h4>Reset SuperUser Password<\/h4><\/span>\n<pre>Connect with console cable (115200 bps, 8 Data Bits, Parity None, Stop Bits 1)\r\n1. Reboot\r\n2. As the IPS is booting, watch for the word \\u201cLoading\\u201d, this comes up after the TippingPoint banner.\r\n3. Type the word mkey within 3 seconds.\r\n4. Specify the new security level, SuperUser login and password.<\/pre>\n<p><a id=\"How_to_Reset_an_IPS_to_Factory_Settings\" name=\"How_to_Reset_an_IPS_to_Factory_Settings\"><\/a><\/p>\n<span id=\"How_to_Reset_an_IPS_to_Factory_Settings\"><h4>How to Reset an IPS to Factory Settings<\/h4><\/span>\n<pre>debug factory-reset (debug is with older firmwares restricted, get SuperUser Password from support. provide\r\n   conf t service-access information to TP.<\/pre>\n<p>&nbsp;<\/p>\n<p><a id=\"Management\" name=\"Management\"><\/a><\/p>\n<span id=\"Management\"><h3>Management<\/h3><\/span>\n<p><a id=\"Disable_SMS_Mgmt.\" name=\"Disable_SMS_Mgmt.\"><\/a><\/p>\n<span id=\"Disable_SMS_Mgmt.\"><h4>Disable SMS Mgmt.<\/h4><\/span>\n<pre>configure terminal no sms<\/pre>\n<p><a id=\"Enable_SMS_Mgmt.\" name=\"Enable_SMS_Mgmt.\"><\/a><\/p>\n<span id=\"Enable_SMS_Mgmt.\"><h4>Enable SMS Mgmt.<\/h4><\/span>\n<pre>configure terminal sms<\/pre>\n<p><a id=\"Show_SMS_configuration\" name=\"Show_SMS_configuration\"><\/a><\/p>\n<span id=\"Show_SMS_configuration\"><h4>Show SMS configuration<\/h4><\/span>\n<pre>show sms<\/pre>\n<p><a id=\"Configuring_.28restrict.29_the_Management_Port_of_the_IPS\" name=\"Configuring_.28restrict.29_the_Management_Port_of_the_IPS\"><\/a><\/p>\n<span id=\"Configuring_restrict_the_Management_Port_of_the_IPS\"><h4>Configuring (restrict) the Management Port of the IPS<\/h4><\/span>\n<pre>configure terminal host ip-filter permit ip 111.222.33.44 255.255.255.255<\/pre>\n<p><a id=\"Using_Non_IE_Browser\" name=\"Using_Non_IE_Browser\"><\/a><\/p>\n<span id=\"Using_Non_IE_Browser\"><h4>Using Non IE Browser<\/h4><\/span>\n<pre>configure terminal server no browser-check<\/pre>\n<p><a id=\"Version\" name=\"Version\"><\/a><\/p>\n<span id=\"Version\"><h4>Version<\/h4><\/span>\n<pre>show version<\/pre>\n<p>&nbsp;<\/p>\n<p><a id=\"Stats\" name=\"Stats\"><\/a><\/p>\n<span id=\"Stats\"><h3>Stats<\/h3><\/span>\n<p><a id=\"Rules.2C_number_of_flows.2C_successful_matches\" name=\"Rules.2C_number_of_flows.2C_successful_matches\"><\/a><\/p>\n<span id=\"Rules_number_of_flows_successful_matches\"><h4>Rules, number of flows, successful matches<\/h4><\/span>\n<pre>show np rule-stats\r\nshow filter \"filterNr\"<\/pre>\n<p><a id=\"Packet_Statistic\" name=\"Packet_Statistic\"><\/a><\/p>\n<span id=\"Packet_Statistic\"><h4>Packet Statistic<\/h4><\/span>\n<pre>show np engine packet<\/pre>\n<p><a id=\"Port_status.2C_RX.2C_TX.2C_Autoneg\" name=\"Port_status.2C_RX.2C_TX.2C_Autoneg\"><\/a><\/p>\n<span id=\"Port_status_RX_TX_Autoneg\"><h4>Port status, RX, TX, Autoneg<\/h4><\/span>\n<pre>show interface ethernet 3 1 -details\r\nshow interface mgmtEthernet -details<\/pre>\n<p>&nbsp;<\/p>\n<pre>for details of IPS segment 1, segment 2 would be \"3 2\".<\/pre>\n<p>&nbsp;<\/p>\n<p><a id=\"SMS\" name=\"SMS\"><\/a><\/p>\n<span id=\"SMS\"><h2>SMS<\/h2><\/span>\n<p><a id=\"allgemeine_Infos_2\" name=\"allgemeine_Infos_2\"><\/a><\/p>\n<span id=\"Allgemeine_Infos_1\"><h3>Allgemeine Infos<\/h3><\/span>\n<p><a id=\"Serial_2\" name=\"Serial_2\"><\/a><\/p>\n<span id=\"Serial_1\"><h4>Serial<\/h4><\/span>\n<pre>9600 bps, 8 Data Bits, Parity None, Stop Bits 1<\/pre>\n<p><a id=\"Default_Password_.28case_sensitive.21.21.21.21.29\" name=\"Default_Password_.28case_sensitive.21.21.21.21.29\"><\/a><\/p>\n<span id=\"Default_Password_case_sensitive\"><h4>Default Password (case sensitive!!!!)<\/h4><\/span>\n<pre>login: SuperUser\r\nPassword:  SuperUser<\/pre>\n<p>&nbsp;<\/p>\n<p><a id=\"Reset_2\" name=\"Reset_2\"><\/a><\/p>\n<span id=\"Reset_1\"><h3>Reset<\/h3><\/span>\n<p><a id=\"Recovering_a_Lost_SMS_SuperUser_Password\" name=\"Recovering_a_Lost_SMS_SuperUser_Password\"><\/a><\/p>\n<span id=\"Recovering_a_Lost_SMS_SuperUser_Password\"><h4>Recovering a Lost SMS SuperUser Password<\/h4><\/span>\n<pre>1. Reboot the SMS\r\n2. When the LILO prompt appears, press the TAB key\r\n3. Type Recover\r\nThe SMS will run a recovery script that will ask for the new SuperUser password.<\/pre>\n<pre>4. When the SMS is ready to login, specify;\r\n Login: SuperUser Password: SERIAL-NUMBER-OF-THE-SMS\r\n (Press ALT-F12 to see this) Press Alt-f1 to get back to the main login screen. Once in,\r\n you can change the password via the \"getpasswd\" command.<\/pre>\n<p>&nbsp;<\/p>\n<p><a id=\"Resetting_the_SMS_to_Factory_Defaults\" name=\"Resetting_the_SMS_to_Factory_Defaults\"><\/a><\/p>\n<span id=\"Resetting_the_SMS_to_Factory_Defaults\"><h4>Resetting the SMS to Factory Defaults<\/h4><\/span>\n<pre> Run the following sequence of commands to reset an SMS\r\nto its original factory settings. \r\n\r\n set db.reinit\r\n set pwd.service-enable=1 (wait for completion)\r\n set repos.reset=SERIAL OF SERVER (wait for completion)\r\n shutdown (will restart SMS with setup wizard)<\/pre>\n<pre>After the reboot, you may need to run the \\u201csetup\\u201d command to initiate the setup wizard.<\/pre>\n<p>&nbsp;<\/p>\n<p><a id=\"Management_2\" name=\"Management_2\"><\/a><\/p>\n<span id=\"Management_1\"><h3>Management<\/h3><\/span>\n<p><a id=\"How_to_Enable_Pinging_of_the_SMS\" name=\"How_to_Enable_Pinging_of_the_SMS\"><\/a><\/p>\n<span id=\"How_to_Enable_Pinging_of_the_SMS\"><h4>How to Enable Pinging of the SMS<\/h4><\/span>\n<pre>set svc.ping-enable=1<\/pre>\n<p>&nbsp;<\/p>\n<p><a id=\"Lock_Down_the_SMS_Webpage_on_GUI\" name=\"Lock_Down_the_SMS_Webpage_on_GUI\"><\/a><\/p>\n<span id=\"Lock_Down_the_SMS_Webpage_on_GUI\"><h4>Lock Down the SMS Webpage on GUI<\/h4><\/span>\n<pre>Edit -&gt; Preferences -&gt; Security -&gt; Require Login for Web Access<\/pre>\n<p>&nbsp;<\/p>\n<p><a id=\"CLI_commands\" name=\"CLI_commands\"><\/a><\/p>\n<span id=\"CLI_commands\"><h3>CLI commands<\/h3><\/span>\n<p><a id=\"new_2.5_commands\" name=\"new_2.5_commands\"><\/a><\/p>\n<span id=\"New_2.5_commands\"><h4>New 2.5 commands<\/h4><\/span>\n<p>Static Routing<\/p>\n<hr \/>\n<p>Adds static IP route route.add &lt;destination&gt; &lt;mask&gt; &lt;gateway&gt;<\/p>\n<p>Deletes static IP route route.del &lt;destination&gt; &lt;mask&gt; &lt; gateway&gt;<\/p>\n<p>Displays the IP routing table route.info<\/p>\n<p>Network Speed, Mode and Auto-negotiation<\/p>\n<hr \/>\n<p>Sets network speed in Mb\/s net.speed.set= &lt;network speed in Mb\/s&gt; example setting: 10\\100\\1000<\/p>\n<p>Displays current net work speed net.speed.get<\/p>\n<p>Sets full or half duplex mode net.duplex.set=half\\full<\/p>\n<p>Displays current duplex mode net.duplex.get<\/p>\n<p>Enables or disables auto-negotiation net.autoneg.set=yes\\no<\/p>\n<p>Displays current auto negotiation net.autoneg.get<\/p>\n<p>setting Keyboard Layout<\/p>\n<hr \/>\n<p>Provides configuration steps for a new keyboard layout kbdcfg<\/p>\n<p>Sets a specific keyboard layout set kbd.layout=&lt;keyboard designation&gt; example setting: sg for Swiss-German keyboard layout<\/p>\n<p>othger supporded: sg-latin1 de de-latin1 for more layouts see 2.5 release notes<\/p>\n<p>&nbsp;<\/p>\n<p><a id=\"Allgemeine_Infos_3\" name=\"Allgemeine_Infos_3\"><\/a><\/p>\n<span id=\"Allgemeine_Infos_2\"><h2>Allgemeine Infos<\/h2><\/span>\n<p><a id=\"Security_Levels\" name=\"Security_Levels\"><\/a><\/p>\n<span id=\"Security_Levels\"><h3>Security Levels<\/h3><\/span>\n<p>Level 0: User names and passwords are unrestricted. Level 1: Names must be at least 6 characters long; passwords at least 8. Level 2: In addition to level 1 restrictions, passwords must contain: &#8211; at least 2 alpha characters &#8211; at least 1 numeric character &#8211; at least 1 non-alphanumeric characters<\/p>\n<p>&nbsp;<\/p>\n<p><a id=\"zustzliche_Filter_konfiguration\" name=\"zustzliche_Filter_konfiguration\"><\/a><\/p>\n<span id=\"Zustzliche_Filter_konfiguration\"><h3>Zus\u00c3\u00a4tzliche Filter konfiguration<\/h3><\/span>\n<pre>Grundstzlich alle Filter auf \"Recommanded Settings\" belassen, da damit auch nach DV upgrade\r\nFilter aktiviert werden.\r\nZustzlich blocken:\r\n- Spyware\r\n- Backdoor\r\nev auch Filesharing und Instant Messaging, resp. \"Windows command shell on high TCP port\"\r\n\r\nZustzlich zumindest auf Notify:\r\n- ZDI Filter\r\n\r\nSecurity Group je nach Kundenanforderungen anpassen\r\nVirus nicht auf Block+ Notify, sondern auf Block, Notify und Reset!<\/pre>\n<pre>Aufpassen mit SMP und RPC Filter<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Links Mailinglist Product Information &nbsp; IPS Allgemeine Infos Serial 115200 bps, 8 Data Bits, Parity None, Stop Bits 1 &nbsp; Reset Reset SuperUser Password Connect with console cable (115200 bps, 8 Data Bits, Parity None, Stop Bits 1) 1. Reboot &hellip; <a href=\"https:\/\/thebc.ch\/blog\/?p=632\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-632","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts\/632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=632"}],"version-history":[{"count":5,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts\/632\/revisions"}],"predecessor-version":[{"id":2654,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts\/632\/revisions\/2654"}],"wp:attachment":[{"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thebc.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}