Cisco IPS 4345 Sensor

Release Notes for Cisco Intrusion Prevention System 7.2(1)E4
OL-27710-01
You can access Cisco Security Intelligence Operations at this URL:
Cisco Security Intelligence Operations is also a repository of information for individual signatures, 
including signature ID, type, structure, and description.
You can search for security alerts and signatures at this URL:
Restrictions and Limitations
The following restrictions and limitations apply to Cisco IPS 7.2(1)E4 software and the products that run it:

• IME 7.2.4 is the only supported IME release for IPS 7.2(1).
• While executing the autoupgradenow command, you cannot use the IDM, IME or the CLI or start any new sessions until the upgrade is complete.
• IPS 7.2(1)E4 supports TLS 1.0 and later. If the peer uses an older SSL version, the connection cannot be established.
• To support the immediate automatic update feature, a default update schedule with a start time of 00:00:00 and interval of 24 hours has been set. You must enable the automatic update settings before issuing an immediate automatic update. Disable the automatic update schedule if you do not want to use the default scheduled update.
• The IPS 4345 and IPS 4360 do not support hardware bypass.
• The ASA 5512-X IPS SSP and the ASA 5515-X IPS SSP do not support the Regex accelerator card and the String XL engines.
• Applying any signature template erases any existing tunings associated with the targeted signature definition file. The ASA 5512-X IPS SSP and ASA 5515-X IPS SSP do not support signature templates (signature threat profiles).
• The ASA 5512-X IPS SSP and ASA 5515-X IPS SSP do not support HTTP advanced decoding.
• Enabling HTTP advanced decoding can have a significantly negative performance and memory impact on the sensor.
• Use the show statistics virtual-sensor | include load command (CLI) or look at the statistics for the virtual sensor at Configuration > Sensor Monitoring > Support Information > Statistics (IDM/IME) to determine the load value over a longer period of time. The show statistics analysis-engine command (CLI) and the statistics for the Analysis Engine show values over a shorter period of time. If you compare the output, the values will appear to be inconsistent due to the different time periods. To get an accurate comparison between them, compare the processing load percentage from the statistics for the virtual sensor and the one-minute averaged value from the statistics for the Analysis Engine.
• TACACS+ authentication is not supported in IPS 7.2(1)E4.
• The CLI timeout feature is applicable only for sessions established through SSH, Telnet, and the console. Service account logins are not affected.
• Anomaly detection does not support IPv6 traffic; only IPv4 traffic is directed to the anomaly detection processor.
• IPv6 does not support the following event actions: Request Block Host, Request Block Connection, or Request Rate Limit.