Cisco IPS 4345 Sensor
Release Notes for Cisco Intrusion Prevention System 7.1(3)E4
OL-25881-01
Restrictions and Limitations
The following restrictions and limitations apply to Cisco IPS 7.1(3)E4 software and the products that
run it:
• For RADIUS users, the attempt limit feature is enforced only after the RADIUS user’s first
successful login to the sensor.
• The IPS 4345 and IPS 4360 do not support hardware bypass. Hardware bypass is currently only
supported on the IPS 4270-20.
• The ASA 5512-X IPS SSP and the ASA 5515-X IPS SSP do not support the Regex accelerator card
and the String XL engines.
• Use the show statistics virtual-sensor | include load command (CLI) or look at the statistics for
the virtual sensor at Configuration > Sensor Monitoring > Support Information > Statistics
(IDM/IME) to determine the load value over a longer period of time. The show statistics
analysis-engine command (CLI) and the statistics for Analysis Engine show values over a shorter
period of time. If you compare the output, the values will appear to be inconsistent due to the
different time periods. To get an accurate comparison between them, compare the processing load
percentage from the statistics for the virtual sensor and the one-minute averaged value from the
statistics for Analysis Engine.
• On the IPS 4270-20, rx/tx flow control is disabled. This is a change from IPS 7.0 where rx/tx flow
control is enabled by default.
• TACACS+ authentication is not supported in IPS 7.1(3)E4.
• The CLI timeout feature is applicable only for sessions established through SSH, Telnet, and the
console. Service account logins are not affected.
• Anomaly detection does not support IPv6 traffic; only IPv4 traffic is directed to the anomaly
detection processor.
• IPv6 does not support the following event actions: Request Block Host, Request Block Connection,
or Request Rate Limit.
• Global correlation does not support IPv6.
• There is no support for IPv6 on the management (command and control) interface.
• ICMP signature engines, for example the Traffic ICMP signature engine, are IPv4-specific and do
not support ICMPv6. ICMPv6 is covered by the Atomic IP Advanced signature engine.
• CSM and MARS do not support IPv6.
• When deploying an IPS sensor monitoring two sides of a network device that does TCP sequence
number randomization, we recommend using a virtual sensor for each side of the device.
• After you upgrade any IPS software on your sensor, you must restart the IDM to see the latest
software features.
• The IDM does not support any non-English characters, such as the German umlaut or any other
special language characters. If you enter such characters as a part of an object name through IDM,
they are turned into something unrecognizable and you will not be able to delete or edit the resulting
object through IDM or the CLI. This is true for any string that is used by the CLI as an identifier,
for example, names of time periods, inspect maps, server and URL lists, and interfaces.