Cisco Cisco IPS 4255 Sensor
26
Release Notes for Cisco Intrusion Prevention System 6.2(1)E3
OL-15642-01
Restrictions and Limitations
To export event data from IEV 5.x to a local file:
Step 1
From IEV 5.x, choose File > Database Administration > Export Database Tables.
Step 2
Enter the file name and select the table(s).
Step 3
Click OK. The events in the selected table(s) are exported to the specified local file.
Importing IEV Event Data In to IME
To import event data in to IME, follow these steps:
Step 1
From IME, choose File > Import.
Step 2
Select the file exported from IEV 5.x and click Open. The contents of the selected file are imported in
to IME.
to IME.
For More Information
.
Restrictions and Limitations
The following restrictions and limitations apply to Cisco IPS 6.2(1)E3 software and the products that
run it:
run it:
•
For IPS 5.0 and later, you can no longer remove the cisco account. You can disable it using the no
password cisco command, but you cannot remove it. To use the no password cisco command, there
must be another administrator account on the sensor. Removing the cisco account through the
service account is not supported. If you remove the cisco account through the service account, the
sensor most likely will not boot up, so to recover the sensor you must reinstall the sensor system
image.
password cisco command, but you cannot remove it. To use the no password cisco command, there
must be another administrator account on the sensor. Removing the cisco account through the
service account is not supported. If you remove the cisco account through the service account, the
sensor most likely will not boot up, so to recover the sensor you must reinstall the sensor system
image.
•
The AIP SSC-5 does not support virtualization, unretiring default retired signatures, creating
custom signatures, adding signatures, cloning signatures, or anomaly detection.
custom signatures, adding signatures, cloning signatures, or anomaly detection.
•
The AIP SSC-5 can take up to 20 minutes to come online when it reboots after the installation of a
new system image. You must let the process complete before you can make configuration changes
to the AIP SSC-5. If you try to modify and save configuration changes before the process is
complete, you receive an error message.
new system image. You must let the process complete before you can make configuration changes
to the AIP SSC-5. If you try to modify and save configuration changes before the process is
complete, you receive an error message.
•
Anomaly detection does not support IPv6 traffic; only IPv4 traffic is directed to the anomaly
detection processor.
detection processor.
•
ICMP signature engines do not support ICMPv6, they are IPv4-specific, for example, the Traffic
ICMP signature engine. ICMPv6 is covered by the Atomic IP Advanced signature engine.
ICMP signature engine. ICMPv6 is covered by the Atomic IP Advanced signature engine.
•
Rate limiting and blocking are not supported for IPv6 traffic. If a signature is configured with a
block or rate limit event action and is triggered by IPv6 traffic, an alert is generated but the action
is not carried out.
block or rate limit event action and is triggered by IPv6 traffic, an alert is generated but the action
is not carried out.
•
IPv6 does not support the following event actions: Request Block Host, Request Block Connection,
or Request Rate Limit.
or Request Rate Limit.