Cisco Cisco IPS 4255 Sensor
12
Release Notes for Cisco Intrusion Prevention System 7.1(1)E4
OL-19894-01
Restrictions and Limitations
You should be aware of the most recent security threats so that you can most effectively secure and
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.
Cisco Security Intelligence Operations contains a Security News section that lists security articles of
interest. There are related security tools and links.
interest. There are related security tools and links.
You can access Cisco Security Intelligence Operations at this URL:
Cisco Security Intelligence Operations is also a repository of information for individual signatures,
including signature ID, type, structure, and description.
including signature ID, type, structure, and description.
You can search for security alerts and signatures at this URL:
Restrictions and Limitations
The following restrictions and limitations apply to Cisco IPS 7.1(1)E4 software and the products that
run it:
run it:
•
After you upgrade any IPS software on your sensor, you must restart the IDM to see the latest
software features.
software features.
•
Bypass mode is not supported.
•
CDP mode is not supported.
•
Alternate TCP resets are not supported.
•
The ASA 5585-X IPS SSP is supported in ASA 8.2(4.4) and higher as well as ASA 8.4(2) and
higher. It is not supported in ASA 8.3(x).
higher. It is not supported in ASA 8.3(x).
•
Anomaly detection does not support IPv6 traffic; only IPv4 traffic is directed to the anomaly
detection processor.
detection processor.
•
IPv6 does not support the following event actions: Request Block Host, Request Block Connection,
or Request Rate Limit.
or Request Rate Limit.
•
Global correlation does not support IPv6.
•
ICMP signature engines do not support ICMPv6, they are IPv4-specific, for example, the Traffic
ICMP signature engine. ICMPv6 is covered by the Atomic IP Advanced signature engine.
ICMP signature engine. ICMPv6 is covered by the Atomic IP Advanced signature engine.
•
The ASA 5585-X IPS SSP can support both promiscuous and inline monitoring at the same time on
its single physical back plane interface inside the adaptive security appliance. The configuration on
the main adaptive security appliance can be used to designate which packets/connections should be
monitored by the ASA 5585-X IPS SSP as either promiscuous or inline.
its single physical back plane interface inside the adaptive security appliance. The configuration on
the main adaptive security appliance can be used to designate which packets/connections should be
monitored by the ASA 5585-X IPS SSP as either promiscuous or inline.
•
The IDM does not support any non-English characters, such as the German umlaut or any other
special language characters. If you enter such characters as a part of an object name through the
IDM, they are turned into something unrecognizable and you will not be able to delete or edit the
resulting object through the IDM or the CLI.
special language characters. If you enter such characters as a part of an object name through the
IDM, they are turned into something unrecognizable and you will not be able to delete or edit the
resulting object through the IDM or the CLI.
This is true for any string that is used by CLI as an identifier, for example, names of time periods,
inspect maps, server and URL lists, and interfaces.
inspect maps, server and URL lists, and interfaces.