I have a few questions about NSP:
1. Do you configure DATABASE TUNING automated tuning?
2. Is there any IPS policy recommendation for DMZ? I know that there is an ATTACK POLICY SET for DMZ. I want to know if there is anything else.
3. Is there an option to upgrade an unmanaged Sensor without TFTP?
4. Can I configure the NSP in "Detect Mode"? I want to configure the NSP in detect mode for two weeks and then change it to Prevent Mode.
Thank you very much!
1. While there is an option to implement automated tuning, it is up to you if you want to use it.
I prefer to run tuning manually by switching to our secondary manager while tuning our primary manager, then tuning the secondary once the primary is back up.
3. We have found TFTP to be too slow; following advice from McAfee, we used an SCP server to upload the image and ran the upgrade from the sensor command line via SSH.
Follow the steps in this article, replacing TFTP with SCP; the CLI Guide contains details on this also.
I'll have a look at our setup for DMZ policy & 'detect mode' settings tomorrow.