Cisco Cisco IPS 4255 Sensor
25
Release Notes for Cisco Intrusion Prevention System 6.1(1)E2
OL-19696-01
Restrictions and Limitations
To install IME, follow these steps:
Step 1
Download the IME executable file to your computer, or start IDM in a browser window, and under Cisco
IPS Manager Express, click download to install the IME executable file. IME-6.1.0.32.exe is an example
of what the IME executable file might look like.
IPS Manager Express, click download to install the IME executable file. IME-6.1.0.32.exe is an example
of what the IME executable file might look like.
Step 2
Double-click the executable file. The Cisco IPS Manager Express - InstallShield Wizard appears.
Step 3
You receive a warning if you have a previous version of Cisco IPS Event Viewer installed. Acknowledge
the warning, and exit installation. Remove the older version of IEV, and then continue IME installation.
the warning, and exit installation. Remove the older version of IEV, and then continue IME installation.
Step 4
Double-click the executable file. The Cisco IPS Manager Express - InstallShield Wizard appears.
Step 5
Click Next to start IME installation.
Step 6
Accept the license agreement and click Next.
Step 7
Click Next to choose the destination folder, click Install to install IME, and then click Finish to exit the
wizard. The Cisco IME and Cisco IME Demo icons are now on your desktop.
wizard. The Cisco IME and Cisco IME Demo icons are now on your desktop.
Restrictions and Limitations
The following restrictions and limitations apply to Cisco IPS 6.1(1) E2 software and the products that
run 6.1(1) E2:
run 6.1(1) E2:
•
For IPS 5.0 and later, you can no longer remove the cisco account. You can disable it using the no
password cisco command, but you cannot remove it. To use the no password cisco command, there
must be another administrator account on the sensor. Removing the cisco account through the
service account is not supported. If you remove the cisco account through the service account, the
sensor most likely will not boot up, so to recover the sensor you must reinstall the sensor system
image.
password cisco command, but you cannot remove it. To use the no password cisco command, there
must be another administrator account on the sensor. Removing the cisco account through the
service account is not supported. If you remove the cisco account through the service account, the
sensor most likely will not boot up, so to recover the sensor you must reinstall the sensor system
image.
•
You must reboot the AIM IPS when you apply the E2 engine update and it takes a very long time to
install because of the limited CPU in the AIM IPS. Update times as long as 40 minutes have been
recorded. During the update time, the AIM IPS is in bypass mode, passing traffic without inspection.
install because of the limited CPU in the AIM IPS. Update times as long as 40 minutes have been
recorded. During the update time, the AIM IPS is in bypass mode, passing traffic without inspection.
•
The AIM IPS does not support virtualization.
•
When you reload the router, the AIM IPS also reloads. To ensure that there is no loss of data on the
AIM IPS, make sure you shut down the module using the shutdown command before you use the
reload command to reboot the router.
AIM IPS, make sure you shut down the module using the shutdown command before you use the
reload command to reboot the router.
•
Do not deploy IOS IPS and the AIM IPS at the same time.
•
When the AIM IPS is used with an IOS firewall, make sure SYN flood prevention is done by the
IOS firewall.
IOS firewall.
The AIM IPS the IOS firewall complement abilities of each other to create security zones in the
network and inspect traffic in those zones. Because the AIM IPS the IOS firewall operate
independently, sometimes they are unaware of the activities of the other. In this situation, the IOS
firewall is the best defense against a SYN flood attack.
network and inspect traffic in those zones. Because the AIM IPS the IOS firewall operate
independently, sometimes they are unaware of the activities of the other. In this situation, the IOS
firewall is the best defense against a SYN flood attack.
•
Cisco access routers only support one IDS/IPS per router.
•
On IPS sensors with multiple processors (for example, the IPS 4260 and IPS 4270-20), packets may
be captured out of order in the IP logs and by the packet command. Because the packets are not
processed using a single processor, the packets can become out of sync when received from multiple
processors.
be captured out of order in the IP logs and by the packet command. Because the packets are not
processed using a single processor, the packets can become out of sync when received from multiple
processors.