Re: [OSL | CCIE_Security] IPS 6

[Mohammed Gazzaz]

Thanks Roger.

Date: Mon, 5 Oct 2009 15:29:59 -0400
Subject: Re: [OSL | CCIE_Security] IPS 6
From: roger.che...@googlemail.com
To: mgaz...@hotmail.com
CC: ccie_security@onlinestudylist.com

Using the IDM index and the key word stream I get this on 1st match:
Miscellaneous tab
button functions 5-29

configuring
application policy 5-37

IP fragment reassembly mode 5-41

IP logging 5-50

TCP stream reassembly mode 5-48


Using the CLI index I was forced to search using two different key words.  
First stream, then fragment.
stream:

TCP
external zone 9-29

illegal zone 9-21

internal zone 9-12

stream reassembly 8-37

fragment:


IP fragment reassembly 8-30

IP fragment reassembly parameters 8-29, 8-36

Regards,
Roger

2009/10/5 Mohammed Gazzaz <mgaz...@hotmail.com>






Hi roger,

Thanks for sharing this great tip but when i go to the index page and type 
"Stream Reassembly" , I get something different.

TCP stream reassembly mode 7-49

TCP stream reassembly B-32

 
TCP stream reassembly 

 
   
described 7-44 

    
mode 7-49 

    
parameters (table) 7-45 

    
signatures (table) 7-45 



How did you get these two
* configure the IPS for Linux-like IP fragment reassembly * In addition to this 
configure the IPS for TCP stream reassembly so that a missed packet does not 
disrupt the assembly process

Regards,
Mohammed Gazzaz
Date: Mon, 5 Oct 2009 14:38:55 -0400
From: roger.che...@googlemail.com
To: ccie_security@onlinestudylist.com

Subject: Re: [OSL | CCIE_Security] IPS 6

One thing I found very helpful in the IPS docs are the index pages.  Using the 
index page to find a key word or topic.  In this method you can find obscure 
tasks and how to configure them using CLI or ADM.


Example -Stream Reassembly * configure the IPS for Linux-like IP fragment 
reassembly * In addition to this configure the IPS for TCP stream reassembly so 
that a missed packet does not disrupt the assembly process


Enjoy,Roger
On Mon, Oct 5, 2009 at 5:04 AM, Michael Davis <mich...@specialistit.com.au> 
wrote:















Thanks very much.  I will just read the first couple of chapters
then use the device manager guide.  


 






From: Mohammed Gazzaz
[mailto:mgaz...@hotmail.com] 

Sent: Monday, October 05, 2009 6:55 PM

To: satis...@gmail.com

Cc: Michael Davis; ccie_security@onlinestudylist.com

Subject: RE: [OSL | CCIE_Security] IPS 6






 


Hi Satish,



No it is not a recent change. Even with the old Version (Version 2), people
were allowed to use both CLI and GUI.



Regards,

Mohammed Gazzaz







Date:
Mon, 5 Oct 2009 13:10:20 +0530

Subject: Re: [OSL | CCIE_Security] IPS 6

From: satis...@gmail.com

To: mgaz...@hotmail.com

CC: mich...@specialistit.com.au; ccie_security@onlinestudylist.com



Hi,




 






Was
it a recent change?  As far as my knowledge goes, you need to configure
and manage IPS with CLI ONLY during the lab exam.  Can someone clarify on
this point - thanks.






 






-Satish



2009/10/5
Mohammed Gazzaz <mgaz...@hotmail.com>




Hi Michael,



You have access to both in the real exam. Usually I use the CLI to configure IP
address, Default Gatewat, Hosts allowed to access the IPS, and other stuff.
After that I use the GUI to configure several things like Interfaces,
Signatures, Sensors, blocking, and other stuff.



In my opinion using GUI is faster than using the CLI but some people are used
to CLI and they use it to configure everything. It is a matter of personal
preferences.



If you want to use the CLI, then skip the device manager guide. If you want to
use the CLI, then at least you need to read the first two or three chapters of
the CLI guide so you can have an idea on how to initialize the IPS device.



Regards,

Mohammed Gazzaz







Date:
Mon, 5 Oct 2009 16:56:59 +1100

From: mich...@specialistit.com.au

To: ccie_security@onlinestudylist.com

Subject: [OSL | CCIE_Security] IPS 6




 



Hi
Everyone – Can anyone please clarify which guide I should study for the
IPS?  Do I use the CLI or the Device Manager guide?  Or do I need to
study both?  Do we get access to the device manager in the real exam or is
it all CLI like everything else?




 










Windows
Live: Keep your friends up to date with
what you do online.






_______________________________________________

For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com



 




 








Windows
Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail
you.








_______________________________________________

For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com



                                          
Keep your friends updated— even when you’re not signed in.


                                          
_________________________________________________________________
Windows Live Hotmail: Your friends can get your Facebook updates, right from 
Hotmail®.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com