Cisco Cisco IPS 4255 Sensor
5
Release Notes for Cisco Intrusion Prevention System Manager Express 7.2.3
OL-27621-01
New and Changed Information
•
The IPS 4240, IPS 4255, IPS 4260 appliances are supported in 6.2(x), IPS 7.0(x), and IPS 7.1(5)E4
and later.
and later.
•
The ASA 5500 AIP SSM modules are supported in 6.2(x), IPS 7.0(x), and IPS 7.1(5) E4 and later.
•
The AIM IPS and NME IPS modules are supported in 6.2(x) and IPS 7.0(x).
•
The IDSM2 is supported in 6.2(x) and IPS 7.0(x).
•
Anomaly detection is disabled by default beginning in IPS 7.1(2)E4.
•
AAA RADIUS is only supported in IPS 7.0(4)E4 and later and IPS 7.1(3)E4 and later.
•
Global correlation is supported in IPS 7.0 and later.
•
The ASA 5585-X IPS SSP and the ASA 5500-X IPS SSP do not support bypass mode.
New and Changed Information
IME 7.2.3 has the following new features:
•
Support for IPS 7.1(5)E4.
•
Policy groups and shared policies—You can now configure and deploy shared policies to multiple
sensor and you can group policies for sharing.
sensor and you can group policies for sharing.
Note
Currently the only policy that you can configure and deploy is the global correlation policy.
•
Obfuscation Traffic/Attacks report—Contains statistics on suspect and explicit traffic obfuscation
activity. It combines a top attacker report with a top event report.
activity. It combines a top attacker report with a top event report.
•
The IME Configuration pane has the following new features:
–
Signature threat profiles—In the IME Startup Wizard, you can apply a signature template to
individual signature policies, which adjusts the signature coverage and response actions
enabling the sensor to make better choices in various deployment and threat scenarios.
individual signature policies, which adjusts the signature coverage and response actions
enabling the sensor to make better choices in various deployment and threat scenarios.
Note
Signature threat profiles are supported on the IPS 4345, IPS 4360, ASA 5525-X IPS
SSP, ASA 5545-X IPS SSP, ASA 5555-X IPS SSP, and ASA 5585-X IPS SSP.
SSP, ASA 5545-X IPS SSP, ASA 5555-X IPS SSP, and ASA 5585-X IPS SSP.
–
Inspection load statistics—Displays the inspection load history across varying time periods.
–
HTTP advanced decoding— Enables deeper inspection of HTTP traffic.
Note
HTTP advanced decoding is supported on the IPS 4345, IPS 4360, ASA 5585-X IPS
SSP, ASA 5525-X IPS SSP, ASA 5545-X IPS SSP, and ASA 5555-X IPS SSP.
SSP, ASA 5525-X IPS SSP, ASA 5545-X IPS SSP, and ASA 5555-X IPS SSP.
Note
Enabling HTTP advanced decoding severely impacts system performance.
•
The default value of the Cisco server IP address has been changed from 198.133.219.25 to
72.163.4.161 in the Auto Update URL configuration. If you have automatic update configured on
your sensor, you may need to update firewall rules to allow the sensor to connect to this new IP
address.
72.163.4.161 in the Auto Update URL configuration. If you have automatic update configured on
your sensor, you may need to update firewall rules to allow the sensor to connect to this new IP
address.