Cisco Cisco IPS 4255 Sensor
5
Release Notes for Cisco Intrusion Prevention System 6.2(2)E3
OL-20116-01
MySDN Decommissioned
–
Duplicate packet detector statistics
Duplicate packet statistics are now added to the TCP Normalizer Stage Statistics section of the
show statistics virtual sensor command output. Large numbers of duplicate packets being
reported by the Normalizer can aid in the detection of sensor deployment and configuration
problems. Duplicate packets are often seen in situations where a single virtual sensor is
monitoring two or more networks, and is seeing a TCP connection crossing two or more of these
networks. In this situation you can reconfigure the sensor to monitor each network using a
different virtual sensor. If both networks must be monitored by a single virtual sensor, configure
the virtual sensor with the inline-TCP-session-tracking-mode parameter set to either
interface-and-vlan or vlan-only.
show statistics virtual sensor command output. Large numbers of duplicate packets being
reported by the Normalizer can aid in the detection of sensor deployment and configuration
problems. Duplicate packets are often seen in situations where a single virtual sensor is
monitoring two or more networks, and is seeing a TCP connection crossing two or more of these
networks. In this situation you can reconfigure the sensor to monitor each network using a
different virtual sensor. If both networks must be monitored by a single virtual sensor, configure
the virtual sensor with the inline-TCP-session-tracking-mode parameter set to either
interface-and-vlan or vlan-only.
–
UDP length parameter in Atomic engines
A new parameter to match a specific UDP length was added. This engine parameter is added in
the Atomic IP Advanced and Atomic IP engine for l4-protocol UDP. The purpose of this
parameter is to check if UDP total length falls within a specific range.
the Atomic IP Advanced and Atomic IP engine for l4-protocol UDP. The purpose of this
parameter is to check if UDP total length falls within a specific range.
•
IDM version 7.0(2)
•
Changes from CSCsu77935
The idle time algorithm of the sensor has been modified. Additional CPU has been applied to polling
the NICs to decrease the polling interval and reduce latency. The CPU usage is thus reported as
higher than in previous releases, including external tools such as top and ps. You will notice the
additional CPU load on single-CPU platforms and on the primary CPU of multicore systems.
the NICs to decrease the polling interval and reduce latency. The CPU usage is thus reported as
higher than in previous releases, including external tools such as top and ps. You will notice the
additional CPU load on single-CPU platforms and on the primary CPU of multicore systems.
Because the additional CPU load reported while polling is actually available to process packets, and
is reduced as inspection load goes up, it does not negatively affect the overall throughput of the IPS.
is reduced as inspection load goes up, it does not negatively affect the overall throughput of the IPS.
Use the show statistics virtual-sensor command to see the sensor load. It is listed under Processing
Load Percentage in the output. You can also view the sensor load on the IME Device List pane.
Load Percentage in the output. You can also view the sensor load on the IME Device List pane.
For More Information
•
For detailed information on the Normalizer engine, refer to
.
•
For detailed information on the Atomic IP engines, refer to
•
For the procedure for using the show statistics command, refer to
.
•
For a description of the IME Device List pane, refer to
.
MySDN Decommissioned
Because MySDN has been decommissioned, the URL in older versions of IDM and IME is no longer
functional. If you are using IPS 6.0 or later, we recommend that you upgrade your version of IDM and
IME.
functional. If you are using IPS 6.0 or later, we recommend that you upgrade your version of IDM and
IME.
You can upgrade to the following versions to get the functioning MySDN URL:
•
IDM 7.0.3
•
IME 7.0.3
•
IPS 7.0(4), which contains IDM 7.0.4
If you are using version IPS 5.x, you must look up signature information manually at this URL: