Using the IDM index and the key word stream I get this on 1st match: Miscellaneous tab
button functions 5-29<http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/idm/idm_signature_definitions.html#wpmkr1035537> configuring application policy 5-37<http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/idm/idm_signature_definitions.html#wpmkr1268037> IP fragment reassembly mode 5-41<http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/idm/idm_signature_definitions.html#wpmkr1263560> IP logging 5-50<http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/idm/idm_signature_definitions.html#wpmkr1268393> TCP stream reassembly mode 5-48<http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/idm/idm_signature_definitions.html#wpmkr1268765> * * Using the CLI index I was forced to search using two different key words. First stream, then fragment. stream: TCP external zone 9-29<http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_anomaly_detection.html#wpmkr1149339> illegal zone 9-21<http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_anomaly_detection.html#wpmkr1148821> internal zone 9-12<http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_anomaly_detection.html#wpmkr1148239> stream reassembly 8-37<http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_signature_definitions.html#wpmkr1186125> * * *fragment:* * * * IP fragment reassembly 8-30<http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_signature_definitions.html#wpmkr1185431> IP fragment reassembly parameters 8-29, <http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_signature_definitions.html#wpmkr1185361> 8-36<http://www.cisco.com/en/US/docs/security/ips/6.1/configuration/guide/cli/cli_signature_definitions.html#wpmkr1186042> * * * *Regards,* *Roger* * * 2009/10/5 Mohammed Gazzaz <[email protected]> > Hi roger, > > Thanks for sharing this great tip but when i go to the index page and type > "Stream Reassembly" , I get something different. > > TCP stream reassembly mode > 7-49<http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_definitions.html#wpmkr1299615> > TCP stream reassembly > B-32<http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_engines.html#wpmkr1359126> > > TCP stream reassembly > > described > 7-44<http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_definitions.html#wpmkr1299149> > > mode > 7-49<http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_definitions.html#wpmkr1299615> > > parameters (table) > 7-45<http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_definitions.html#wpmkr1299162> > > signatures (table) > 7-45<http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_definitions.html#wpmkr1299162> > > > How did you get these two > * configure the IPS for Linux-like IP fragment reassembly * In addition to > this configure the IPS for TCP stream reassembly so that a missed packet > does not disrupt the assembly process > > Regards, > Mohammed Gazzaz > ------------------------------ > Date: Mon, 5 Oct 2009 14:38:55 -0400 > From: [email protected] > To: [email protected] > Subject: Re: [OSL | CCIE_Security] IPS 6 > > One thing I found very helpful in the IPS docs are the index pages. Using > the index page to find a key word or topic. In this method you can find > obscure tasks and how to configure them using CLI or ADM. > > Example - > Stream Reassembly > * configure the IPS for Linux-like IP fragment reassembly > * In addition to this configure the IPS for TCP stream reassembly so that > a missed packet does not disrupt the assembly process > > Enjoy, > Roger > > On Mon, Oct 5, 2009 at 5:04 AM, Michael Davis <[email protected] > > wrote: > > Thanks very much. I will just read the first couple of chapters then use > the device manager guide. > > *From:* Mohammed Gazzaz [mailto:[email protected]] > *Sent:* Monday, October 05, 2009 6:55 PM > *To:* [email protected] > *Cc:* Michael Davis; [email protected] > *Subject:* RE: [OSL | CCIE_Security] IPS 6 > > > Hi Satish, > > No it is not a recent change. Even with the old Version (Version 2), people > were allowed to use both CLI and GUI. > > Regards, > Mohammed Gazzaz > ------------------------------ > Date: Mon, 5 Oct 2009 13:10:20 +0530 > Subject: Re: [OSL | CCIE_Security] IPS 6 > From: [email protected] > To: [email protected] > CC: [email protected]; [email protected] > > Hi, > > Was it a recent change? As far as my knowledge goes, you need to > configure and manage IPS with CLI ONLY during the lab exam. Can someone > clarify on this point - thanks. > > > -Satish > 2009/10/5 Mohammed Gazzaz <[email protected]> > > Hi Michael, > > You have access to both in the real exam. Usually I use the CLI to > configure IP address, Default Gatewat, Hosts allowed to access the IPS, and > other stuff. After that I use the GUI to configure several things like > Interfaces, Signatures, Sensors, blocking, and other stuff. > > In my opinion using GUI is faster than using the CLI but some people are > used to CLI and they use it to configure everything. It is a matter of > personal preferences. > > If you want to use the CLI, then skip the device manager guide. If you want > to use the CLI, then at least you need to read the first two or three > chapters of the CLI guide so you can have an idea on how to initialize the > IPS device. > > Regards, > Mohammed Gazzaz > ------------------------------ > Date: Mon, 5 Oct 2009 16:56:59 +1100 > From: [email protected] > To: [email protected] > Subject: [OSL | CCIE_Security] IPS 6 > > > Hi Everyone – Can anyone please clarify which guide I should study for > the IPS? Do I use the CLI or the Device Manager guide? Or do I need to > study both? Do we get access to the device manager in the real exam or is > it all CLI like everything else? > > ------------------------------ > Windows Live: Keep your friends up to date with what you do online. > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > ------------------------------ > Windows Live: Friends get your Flickr, Yelp, and Digg updates when they > e-mail you. > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > > ------------------------------ > Keep your friends updated— even when you’re not signed > in.<http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_5:092010> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
