Cisco Cisco IPS 4255 Sensor
5
Release Notes for Cisco Intrusion Prevention System 7.0(7)E4
OL-25390-01
The Sensor and Jumbo Packet Frame Size
Use this command to determine the load on the sensor instead of the CPU Usage information
from the show statistics host command. The inspection load is a more accurate representation
of the processing level of the sensor.
from the show statistics host command. The inspection load is a more accurate representation
of the processing level of the sensor.
The Processing Load category in the show statistics virtual-sensor output has been renamed
to Inspection Load Percentage and shows the same value seen in the show inspection load
command.
to Inspection Load Percentage and shows the same value seen in the show inspection load
command.
The calculation of the inspection load has also been enhanced to provide a more accurate
calculation of the sensor load at lower traffic levels.
calculation of the sensor load at lower traffic levels.
–
New erase license-key command—You can now delete an installed license from a sensor
without restarting the sensor or logging into the sensor using the service account.
without restarting the sensor or logging into the sensor using the service account.
–
Detail information added to show statistics global-correlation command—The output now
includes any failures that have been detected.
includes any failures that have been detected.
–
TCP Normalizer signature warning—You receive the following warning if you disable a
default-enabled TCP Normalizer signature or remove a default-enabled modify packet inline,
deny packet inline, or deny connection inline action:
default-enabled TCP Normalizer signature or remove a default-enabled modify packet inline,
deny packet inline, or deny connection inline action:
Use caution when disabling, retiring, or changing the event action settings of a
<Sig ID> TCP Normalizer signature for a sensor operating in IPS mode. The TCP
Normalizer signature default values are essential for proper operation of the
sensor.
If the sensor is seeing duplicate packets, consider assigning the traffic to
multiple virtual sensors. If you are having problems with asymmetric or
out-of-order TCP packets, consider changing the normalizer mode from strict
evasion protection to asymmetric mode protection. Contact Cisco TAC if you require
further assistance.
–
Reboot sensor warning—When a user reboots the sensor, a message with a timestamp is logged
so that the time of the reboot can be tracked.
so that the time of the reboot can be tracked.
–
Asymmetric protection mode warning—Make sure anomaly detection is configured to inactive
if the sensor is monitoring asymmetric traffic. Using asymmetric mode protection with anomaly
detection enabled causes excessive resource usage and possible false positives for anomaly
detection signatures.
if the sensor is monitoring asymmetric traffic. Using asymmetric mode protection with anomaly
detection enabled causes excessive resource usage and possible false positives for anomaly
detection signatures.
•
Network participation enhancements
–
In the case of SensorApp failure, the generated core.txt file will be sent with the network
participation update.
participation update.
–
Data gathered for the show health command has been added to the network participation
upload.
upload.
The Sensor and Jumbo Packet Frame Size
For IPS standalone appliances with 1 G and 10 G fixed or add-on interfaces, the maximum jumbo frame
size is 9216 bytes.
size is 9216 bytes.
Note
A jumbo frame is an Ethernet packet that is larger than the standard maximum of 1518 bytes (including
Layer 2 header and FCS).
Layer 2 header and FCS).