Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Documentation Search

    Enabling Simulation Mode

    Simulation mode is an operational mode in which the IDP Series device examines traffic but only simulates security policy actions, generating simulation mode logs that indicate the programmed action. Simulation mode is disabled by default.

    To enable simulation mode:

    1. Log into the CLI as admin and enter su - to switch to root.
    2. Run the following command to display the current setting for simulation mode:

      [root@defaulthost conf]# scio const -s s0 get sc_simulation_mode
      scio: sc_simulation_mode = 0x0

      The value 0x0 indicates simulation mode is disabled.

    3. Run the following command to enable simulation mode:

      [root@defaulthost conf]# scio const -s s0 set sc_simulation_mode 1
      scio: setting sc_simulation_mode to 0x1

      The value 0x1 indicates simulation mode is enabled.

    You do not need to restart the IDP engine (idp.sh) or push a policy to initiate changes to your simulation mode setting. Changes you make to kernel constants from the CLI do not persist across restarts.

    To make your change persistent:

    1. Open the /usr/idp/device/bin/user_funcs file in a text editor, such as vi.
    2. Add the simulation mode constant within the user_start_pre_policy() section:
      user_start_pre_policy ()
      
      {
      
              # Disable ARP spoofing detection
              # -------------------------------
              # If you are running clusters with virtual MAC addresses, IDP will treat
              # these as spoofed ARP packets since the MAC addresses in the ethernet
              # frame will be different from what is inside the ARP request/response. If
              # you have multiple virtual routers, you need to perform this operation on
              # all defined virtual routers.
              #
              # $SCIO const -v vr0 set sc_arp_spoof_detect 0
              # $SCIO const -s s0 set sc_mpls_decapsulation 1 
              $SCIO const -s s0 set sc_simulation_mode 1
              return;
      
      }
      
    3. Save the file.

    Published: 2011-02-08