Cisco Cisco IPS 4255 Sensor 릴리즈 노트
3
Release Notes for the Cisco Intrusion Prevention System Device Manager 7.3.1
OL-30816-01
New and Changed Information
–
You can preserve user tunings. A message is displayed stating that the tunings are preserved
when the threat profile is applied and your tunings will be preferred in case of a conflict. When
a threat profile is applied on a signature instance, the IDM first applies the user tunings (current
configuration) on the default configuration, then it applies the signature template to the
complete configuration. During this process if a tuned signature is found, it will not be changed.
when the threat profile is applied and your tunings will be preferred in case of a conflict. When
a threat profile is applied on a signature instance, the IDM first applies the user tunings (current
configuration) on the default configuration, then it applies the signature template to the
complete configuration. During this process if a tuned signature is found, it will not be changed.
–
Configuration > Signature Configuration > Add Policy/Clone Policy
You can add a threat profile here.
–
Configuration > Policies > Signature Definitions
You can manage signature instances and threat profiles here.
–
Configuration > Policies > Signature Definitions > sig0
Right-click the signature instance to apply, remove, replace templates, and delete signature
instances. You can identify the threat profile on the bottom pane and mouse-over on the
signature instance, which shows the threat profile name, profile version, signature version, and
virtual sensor assignment.
instances. You can identify the threat profile on the bottom pane and mouse-over on the
signature instance, which shows the threat profile name, profile version, signature version, and
virtual sensor assignment.
–
Configuration > Policies > Signature Definitions > sig0 > All Signatures > Threat Profile
Apply/replace/delete threat profiles here.
–
Configuration > Policies > IPS Policies
You can identify the threat profile for the virtual sensor.
–
Edit Virtual Sensor
You can identify the threat profile and can creat a new signature instance with a threat profile.
–
Threat profiles provide Cisco-recommended set of signatures for different deployment profiles:
Edge, Data Center, Web Applications, and SCADA.
Edge, Data Center, Web Applications, and SCADA.
–
Threat profiles are delivered along with signature sets as a part of signature updates; your
tunings are retained.
tunings are retained.
•
Link Aggregation Control Protocol (LACP) support for the IPS 4500 series sensors:
–
Provides scalability with an aggregate throughput of 80 Gbps with 16 sensors connected in a
port channel.
port channel.
–
Helps the switch to detect the IPS failures faster and redistribute the traffic among other
members of the port channel.
members of the port channel.
–
Configuration > Interfaces > LACP
You can configure LACP here. You must have inline VLAN pairs configured first on your sensor
and LACP configured on a Cisco Nexus 7K or Catalyst 6K switch.
and LACP configured on a Cisco Nexus 7K or Catalyst 6K switch.
–
Sensor Monitoring > LACP > LACP Neighbor
You can view the LACP neighbors with the system details.
–
Sensor Monitoring > LACP > LACP Internal
You can view the LACP internals with their system details.
•
Improved and stable SMB Advanced signature engine:
–
Enhanced inspection for MSRPC request handling code execution vulnerability
–
Support for Big-endian MSPRC traffic
–
Multiple DCE-RPC requests in single WriteAndX command
–
SMB AndX command with wordcount 0