CP Secure Threat Management - Enabling & Configuring IPS/IDS Functionality
Products Supported: AER16x0, AER2100, AER31x0, IBR9x0, IBR6x0C.
Firmware Version: 5.4.x
Firmware version 6.0 has been released and introduces a vastly improved GUI for all current Series 3 routers. Cradlepoint has created new Knowledge Base articles with updated screenshots and instructions for the new GUI layout. As a result, this article has received its final update. A separate version of this Knowledge Base article covers Firmware 6.0 and later.
This document explains how to enable CP Secure Threat Management to function as an IDS or IPS, configure how the service behaves upon failure, enable application ID logging, update threat signatures, and manually whitelist signatures.
This is an example of how to use Cradlepoint's "CP Secure Threat Management" feature to enable the Intrusion Detection Service (IDS) or Intrusion Prevention Service (IPS) functionality between a LAN and the router's WAN source(s).
- IMPORTANT: CP Secure Threat Management requires a feature license or NCM PRIME to use. Please contact your sales representative for pricing information.
- Navigate to NETWORK SETTINGS > THREAT MANAGEMENT
- Note: The THREAT MANAGEMENT menu option will be visible, but the service will not function until after the license has been installed. NCM will hide the option until IPS has been enabled on the account.
Operation Mode Options
- Operation Mode can be changed from Disabled to Detect and Prevent (IPS functionality) or Detect Only (IDS functionality).
After enabling the service, the Signature Database Version (shown in the Status section) will change from No Rules Loaded to show the current signature version loaded.
Engine Failure/Error Action Options
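- The Engine Failure/Error Action can be changed from Allow Traffic to Deny Traffic, depending on how you want the router to behave if the Threat Management engine fails. Allow Traffic fails open, so traffic keeps flowing uninspected while the engine is down; Deny Traffic fails closed, so traffic is blocked until the engine recovers.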
Application ID Logging
- If enabled, the Intrusion Prevention packet scanning engine can identify thousands of applications and log the detected applications to the System Log.
Signature Update Scheduling
- These options let you schedule when the router checks for updated signatures and, if any are available, downloads and installs them.
- To help minimize cellular modem data usage, it is possible to configure separate schedules for modem and non-modem WAN sources.
The Signature Settings tab gives you granular control over the behavior of categories or individual signatures as needed.
By default, all signatures and their categories use the global Operation Mode setting. Here you can override that default for a category or an individual signature by applying one of the other two options.
NCM Threat Management
NCM displays information similar to what the local router shows, and you can configure it at the group or device level.
You can also set up alerts in NCM for intrusion activity, showing which potential security threat has been identified. In the example below, you can see alerts for Denial of Service and Buffer Overflow threats, and how they were dealt with.
Published Date: 11/10/2015