Cisco Cisco IPS 4255 Sensor
4
Release Notes for Cisco Intrusion Prevention System 6.2(2)E3
OL-20116-01
ROMMON and TFTP
ROMMON and TFTP
ROMMON uses TFTP to download an image and launch it. TFTP does not address network issues such
as latency or error recovery. It does implement a limited packet integrity check so that packets arriving
in sequence with the correct integrity value have an extremely low probability of error. But TFTP does
not offer pipelining so the total transfer time is equal to the number of packets to be transferred times
the network average RTT. Because of this limitation, we recommend that the TFTP server be located on
the same LAN segment as the sensor. Any network with an RTT less than a 100 milliseconds should
provide reliable delivery of the image. Be aware that some TFTP servers limit the maximum file size that
can be transferred to ~32 MB.
as latency or error recovery. It does implement a limited packet integrity check so that packets arriving
in sequence with the correct integrity value have an extremely low probability of error. But TFTP does
not offer pipelining so the total transfer time is equal to the number of packets to be transferred times
the network average RTT. Because of this limitation, we recommend that the TFTP server be located on
the same LAN segment as the sensor. Any network with an RTT less than a 100 milliseconds should
provide reliable delivery of the image. Be aware that some TFTP servers limit the maximum file size that
can be transferred to ~32 MB.
For More Information
•
For the procedure for downloading IPS software updates from Cisco.com, see
.
•
For the procedure for configuring automatic upgrades, for the CLI refer to
, and for IME refer to
IPS Management and Event Viewers
Use the following tools for configuring Cisco IPS 6.2(2)E3 sensors:
•
Cisco IDM 6.2
•
Cisco IME 6.2
•
IPS CLI 6.2
•
ASDM 5.2 and above
Use the following tools for monitoring Cisco IPS 6.2(2)E3 sensors:
•
Cisco IME 6.2 and 7.0
•
CSM 4.0
Note
You may need to configure viewers that are already configured to monitor the Cisco IPS 6.1
sensors to accept a new SSL certificate for the Cisco IPS 6.2(2)E3 sensors.
sensors to accept a new SSL certificate for the Cisco IPS 6.2(2)E3 sensors.
New and Changed Information
Cisco IPS 6.2(2)E3 includes the following new features:
•
E3 signature engine update and the S425 signature update with these new features:
–
Signature date and type
The signature date represents the date at which the signature was first created. The date is stored
in the format YYYYMMDD. The signature type represents the category in which a specific
signature falls. Signatures are broadly classified as vulnerability, exploit, anomaly, component,
or other. The default is other.
in the format YYYYMMDD. The signature type represents the category in which a specific
signature falls. Signatures are broadly classified as vulnerability, exploit, anomaly, component,
or other. The default is other.