Cisco Cisco IPS 4255 Sensor
6
Release Notes for Cisco Intrusion Prevention System 7.3(2)E4
OL-32050-01
AC Power Supply in the IPS 4300 Series V01 and V02 Chassis
•
Password/hostname restrictions
–
Slashes are NOT valid for hostnames, for example, firewall5/ips.
–
During password recovery, the password/privilege level of the default account is set back to the
default values of cisco/administrator.
default values of cisco/administrator.
•
The ASA 5585-X IPS SSP series and ASA 5500-X IPS SSP series are added back to the IPS 7.3 line.
•
Updater client vulnerability—The updater client used by the IPS was not validating the certificate
from the updater server (automatic update server and global correlation server). The server does
provide a valid certificate, but the IPS was not verifying it. This vulnerability has been fixed in IPS
7.3(2)E4.
from the updater server (automatic update server and global correlation server). The server does
provide a valid certificate, but the IPS was not verifying it. This vulnerability has been fixed in IPS
7.3(2)E4.
•
Auto Flow Depth—To improve throughput and reduce latency, this new functionality automatically
sets the flow depth to 800K to provide continuity of flows. Auto flow depth is only applied to
inspection threads/cores with high inspection loads. Other threads/cores continue to provide full
inspection. Prior to 7.3(2)E4, if you have flow depth configured, it overrides the new auto flow depth
functionality and continues to limit inspection of ALL flows. To take advantage of the new auto flow
depth functionality, you must disable flow depth.
sets the flow depth to 800K to provide continuity of flows. Auto flow depth is only applied to
inspection threads/cores with high inspection loads. Other threads/cores continue to provide full
inspection. Prior to 7.3(2)E4, if you have flow depth configured, it overrides the new auto flow depth
functionality and continues to limit inspection of ALL flows. To take advantage of the new auto flow
depth functionality, you must disable flow depth.
AC Power Supply in the IPS 4300 Series V01 and V02 Chassis
The Cisco IPS 4300 series sensors with the AC power supply can restore the previous power state of the
system if AC power is lost. Earlier IPS 4300s (V01) require you to turn on the power with the power
switch. Newer IPS 4300s (V02) automatically turn on when you plug in the power cable.
system if AC power is lost. Earlier IPS 4300s (V01) require you to turn on the power with the power
switch. Newer IPS 4300s (V02) automatically turn on when you plug in the power cable.
To determine your version, do one of the following:
•
At the CLI, enter the show inventory command and look for V01 or V02 in the output.
•
On the back of the chassis, look at the VID PID label for V01 or V02.
The V01 chassis has the following limitations (these limitations do not apply to the V02 chassis):
•
The sensor requires 50 seconds from the time that AC power is applied before the power state can
be updated and stored. This means that any changes to the power state within the first 50 seconds of
applying AC power will not be observed if AC power is removed within that time.
be updated and stored. This means that any changes to the power state within the first 50 seconds of
applying AC power will not be observed if AC power is removed within that time.
•
The sensor requires 10 seconds from the time it is placed into standby mode before the power state
can be updated and stored. This means any changes to the power state within the first 10 seconds of
entering standby mode (including the standby mode itself) will not be observed if AC power is
removed within that time.
can be updated and stored. This means any changes to the power state within the first 10 seconds of
entering standby mode (including the standby mode itself) will not be observed if AC power is
removed within that time.
For More Information
For information on the AC power supplies in the IPS 4300 series sensors, refer to
.
Obtaining Software
You can find major and minor updates, service packs, signature and signature engine updates, system
and recovery files, firmware upgrades, and Readmes on the Download Software site on Cisco.com.
Signature updates are posted to Cisco.com approximately every week, more often if needed. Service
packs are posted to Cisco.com in a release train format, a new release every three months. Major and
minor updates are also posted periodically. Check Cisco.com regularly for the latest IPS software.
and recovery files, firmware upgrades, and Readmes on the Download Software site on Cisco.com.
Signature updates are posted to Cisco.com approximately every week, more often if needed. Service
packs are posted to Cisco.com in a release train format, a new release every three months. Major and
minor updates are also posted periodically. Check Cisco.com regularly for the latest IPS software.