GNS3 IPS simulation

Here are a few notes on how to successfully simulate an IPS 6 instance in GNS3. Version 7 is a little tricky to simulate so I suggest you get the IPS Manager Express and practice everything in the demo that is available when you install it.

***Do not forget to always start GNS3 as an administrator!***

Software and tools used:

  • GNS3 VirtualBox 0.8.1
  • Java JRE 6u7
  • IPS-4215-K9-sys-1.1-a-6.0-6-E4.iso (use Google trick to get the image–>explained on THIS link)

First, create a loopback adapter that is connected to GNS3 (cloud); Google has a good explanation of it–>e.g. LINK

In the command prompt, in the qemu directory (GNS3), create the IPS disks and boot the IPS image itself by entering these commands:

    qemu-img.exe create ipsdisk1.img 512M
    qemu-img.exe create ipsdisk2.img 4000M
    qemu.exe -hda ipsdisk1.img -hdb ipsdisk2.img -m 1024 -cdrom IPS-K9-cd-1.1-a-6.0-6-E3.iso -boot d

After it starts, run a recovery; the created disk will be saved in “users/user/app data/virt…” (Windows 7).

In GNS3 edit the IDM module, mount the disks, add 1024 MB of RAM, and also include “4235” in the Qemu options because that is the version of the IPS image.

Just a reminder –> use Java JRE 6u7!

Next, edit the Java settings:

1) Close all instances of Internet Explorer or any browser you use.

2) Click Start > Control Panel (Windows 7).

3) If you have Java Plug-in 1.4.2 installed:

a. Click Java Plug-in.

The Java Plug-in Control Panel appears.

b. Click the Advanced tab.

c. Type “-Xmx256m” in the Java RunTime Parameters field.

d. Click Apply and exit the Java Control Panel.

Also, when you download the “jnlp” extension file, open it with Notepad and increase the memory from Xmx256m to 512m.


That should be it! Now there are a few problems that I have encountered and here they are…

IPS certificate problem

- this usually happens when the IPS image is older than version 6

solution: create a new certificate –>
1) Log into the sensor with the administrative account.
2) Verify that the sensor’s clock is set accurately and correct it if it is not. Example:
    sensor# show clock
    12:15:00 GMT-05:00 Wed May 1 2011
    sensor# clock set 12:30:00 MAY 1 2011
3) Then issue the following command:
    sensor# tls generate-key

Both an MD5 and a SHA1 fingerprint for the new TLS certificate will be shown after the re-generation completes. These values can be compared (if desired) to what is shown in a remote monitoring application/device (such as IME or CS-MARS) to verify that the remote monitoring application/device is in fact connecting to the sensor’s web server.

After the sensor certificate is re-generated, it must be accepted into any remote monitoring applications/devices in-use (such as IME and CS-MARS). To accept the new certificate in IME, edit the sensor device via the IME Home screen’s Device List and click the OK button. When prompted, accept the new certificate.
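
The fingerprint comparison described above can also be done from the management PC before accepting the certificate. The following is an added example, not part of the original post: the function names are hypothetical, it assumes the sensor's web server listens on TCP 443, and the fingerprints are the ones printed by "tls generate-key".

```python
import hashlib
import hmac
import ssl
import sys


def fingerprint(der: bytes, algo: str) -> str:
    """Colon-separated upper-case hex digest of a DER-encoded certificate."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(text: str) -> str:
    """Drop separators and case so a pasted fingerprint compares reliably."""
    cleaned = "".join(c for c in text if c not in ": -\t").lower()
    if not cleaned or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError(f"not a hex fingerprint: {text!r}")
    return cleaned


def check(der: bytes, expected: dict) -> dict:
    """Map each hash name ("md5", "sha1") to True if the certificate matches
    the value copied from the sensor console."""
    if not expected:
        raise ValueError("no expected fingerprints given")
    return {
        algo: hmac.compare_digest(normalize(fingerprint(der, algo)),
                                  normalize(value))
        for algo, value in expected.items()
    }


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the presented certificate without validating it (self-signed).
    Assumption: the local OpenSSL build still accepts the sensor's TLS version."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


if __name__ == "__main__":
    # usage: script.py <sensor-ip> <md5-fingerprint> <sha1-fingerprint>
    host, md5_fp, sha1_fp = sys.argv[1:4]
    results = check(fetch_der(host), {"md5": md5_fp, "sha1": sha1_fp})
    for algo, ok in results.items():
        print(f"{algo}: {'match' if ok else 'MISMATCH'}")
    # Accept the certificate in IME only if every fingerprint matched.
    sys.exit(0 if all(results.values()) else 1)
```

A mismatch on either value means the host answering on that address is not presenting the certificate the sensor just generated, so the certificate should not be accepted.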

IDE stops at 77% parsing -rdep thread timeout

solution: reset the sensor:)


Hope it helped!
