Cisco Cisco IPS 4255 Sensor
3
Release Notes for Cisco Intrusion Prevention System 6.1(3)E3
OL-20114-01
Supported Platforms
Supported Platforms
Cisco IPS 6.1(3)E3 is supported on the following platforms:
•
IPS 4240 Series Sensor Appliances
•
IPS 4255 Series Sensor Appliances
•
IPS 4260 Series Sensor Appliances
•
IPS 4270-20 Series Sensor Appliances
•
Intrusion Detection System Module (IDSM2) for Catalyst 6500 series switches
•
ASA-SSM-AIP-10 series Cisco ASA Advanced Inspection and Prevention Security Service
Modules (AIP SSM-10)
Modules (AIP SSM-10)
•
ASA-SSM-AIP-20 series Cisco ASA Advanced Inspection and Prevention Security Service
Modules (AIP SSM-20)
Modules (AIP SSM-20)
•
ASA-SSM-AIP-40 series Cisco ASA Advanced Inspection and Prevention Security Service
Modules (AIP SSM-40)
Modules (AIP SSM-40)
•
Intrusion Prevention System Advanced Integration Module (AIM IPS)
•
Intrusion Prevention System Network Module (NME IPS)
Supported Servers
The following FTP servers are supported for IPS software updates:
•
WU-FTPD 2.6.2 (Linux)
•
Solaris 2.8
•
Sambar 6.0 (Windows 2000)
•
Serv-U 5.0 (Windows 2000)
•
MS IIS 5.0 (Windows 2000)
The following HTTP/HTTPS servers are supported for IPS software updates:
•
CMS - Apache Server (Tomcat)
•
CMS - Apache Server (JRun)
ROMMON and TFTP
ROMMON uses TFTP to download an image and launch it. TFTP does not address network issues such
as latency or error recovery. It does implement a limited packet integrity check so that packets arriving
in sequence with the correct integrity value have an extremely low probability of error. But TFTP does
not offer pipelining so the total transfer time is equal to the number of packets to be transferred times
the network average RTT. Because of this limitation, we recommend that the TFTP server be located on
the same LAN segment as the sensor. Any network with an RTT less than a 100 milliseconds should
provide reliable delivery of the image. Be aware that some TFTP servers limit the maximum file size that
can be transferred to ~32 MB.
as latency or error recovery. It does implement a limited packet integrity check so that packets arriving
in sequence with the correct integrity value have an extremely low probability of error. But TFTP does
not offer pipelining so the total transfer time is equal to the number of packets to be transferred times
the network average RTT. Because of this limitation, we recommend that the TFTP server be located on
the same LAN segment as the sensor. Any network with an RTT less than a 100 milliseconds should
provide reliable delivery of the image. Be aware that some TFTP servers limit the maximum file size that
can be transferred to ~32 MB.