Cisco Cisco IPS 4255 Sensor 릴리즈 노트
5
Release Notes for Cisco Intrusion Prevention System 7.1(2)E4
OL-25325-01
Signature 23899
Signature 23899
If you are using signature updates 500 to 553 or 555 to 559, you need to disable signature 23899.0 before
applying the 7.1(2)E4 update. Signature update S550 introduced a bad value for one of the parameters
of signature 23899.0 in addition to retiring and disabling it. This bad parameter was included in signature
updates S500to S553 and S555 to S559.
applying the 7.1(2)E4 update. Signature update S550 introduced a bad value for one of the parameters
of signature 23899.0 in addition to retiring and disabling it. This bad parameter was included in signature
updates S500to S553 and S555 to S559.
Because this signature was retired and disabled, the bad parameter does not affect the functionality of
the sensor. Updating to this service pack or S567 or later resolves the problem. Signature 23899.0 has
been retired, disabled, and obsoleted.
the sensor. Updating to this service pack or S567 or later resolves the problem. Signature 23899.0 has
been retired, disabled, and obsoleted.
For More Information
For the procedure for disabling signatures, for the IDM refer to
.
ASA IPS 5585-X and Jumbo Packet Frame Size
Refer to the following URL for information about ASA module jumbo packet frame size:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1328
86
86
9
Note
A jumbo frame is an Ethernet packet that is larger than the standard maximum of 1518 bytes (including
Layer 2 header and FCS).
Layer 2 header and FCS).
The ASA 5585-X IPS SSP and Jumbo Packets
The jumbo packet count in the show interface command output from the lines
Total Jumbo Packets
Received
and
Total Jumbo Packets Transmitted
for ASA IPS modules may be larger than expected
due to some packets that were almost jumbo size on the wire being counted as jumbo size by the IPS.
This miscount is a result of header bytes added to the packet by the ASA before the packet is transmitted
to the IPS. For IPv4, 58 bytes of header data are added. For IPv6, 78 bytes of header data are added. The
ASA removes the added IPS header before the packet leaves the ASA.
This miscount is a result of header bytes added to the packet by the ASA before the packet is transmitted
to the IPS. For IPv4, 58 bytes of header data are added. For IPv6, 78 bytes of header data are added. The
ASA removes the added IPS header before the packet leaves the ASA.
Obtaining Software
You can find major and minor updates, service packs, signature and signature engine updates, system
and recovery files, firmware upgrades, and Readmes on the Download Software site on Cisco.com.
Signature updates are posted to Cisco.com approximately every week, more often if needed. Service
packs are posted to Cisco.com in a release train format, a new release every three months. Major and
minor updates are also posted periodically. Check Cisco.com regularly for the latest IPS software.
and recovery files, firmware upgrades, and Readmes on the Download Software site on Cisco.com.
Signature updates are posted to Cisco.com approximately every week, more often if needed. Service
packs are posted to Cisco.com in a release train format, a new release every three months. Major and
minor updates are also posted periodically. Check Cisco.com regularly for the latest IPS software.
You must have an account with cryptographic access before you can download software. You set this
account up the first time you download IPS software from the Download Software site.
account up the first time you download IPS software from the Download Software site.