Cisco IPS 4255 Sensor Release Notes
Release Notes for Cisco Intrusion Prevention System 6.0(4)E2
OL-20146-01
Restrictions and Limitations
Step 7
Copy your license key from a sensor to a server to keep a backup copy of the license:
sensor# copy license-key scp://user@10.89.147.3://tftpboot/dev.lic
Password: *******
sensor#
For More Information
• For the CLI procedure for adding hosts to the known hosts list, refer to
. For the IDM procedure, refer to
.
• For the CLI procedure for adding TLS trusted hosts, refer to
. For the
IDM procedure, refer to
• For more information on Cisco service contracts, see
.
Restrictions and Limitations
The following restrictions and limitations apply to Cisco IPS 6.0(4)E2 software and the products that
run 6.0(4)E2:
• For IPS 5.0 and later, you can no longer remove the cisco account. You can disable it using the no
password cisco command, but you cannot remove it. To use the no password cisco command, there
must be another administrator account on the sensor. Removing the cisco account through the
service account is not supported. If you remove the cisco account through the service account, the
sensor most likely will not boot up, so to recover the sensor you must reinstall the sensor system
image.
• Do not confuse Cisco IOS IDS or Cisco IPS (a software-based intrusion-detection/prevention
application that runs in the Cisco IOS) with the IPS that runs on the NM CIDS. The NM CIDS runs
Cisco IPS 6.0(4)E2. Because performance can be reduced and duplicate alarms can be generated,
we recommend that you do not run Cisco IOS IDS and Cisco IPS 6.0(4)E2 simultaneously.
• Only one NM CIDS is supported per Cisco 2600, 2811, 2821, 2851, 3825, 3845, and 3700 series
router.
• Jumbo frames are not supported on the NM CIDS.
• The NM CIDS does not run in inline mode.
• The AIM IPS, IDS 4215, and NM CIDS do not support virtualization.
• When you reload the router, the AIM IPS also reloads. To ensure that there is no loss of data on the
AIM IPS, make sure you shut down the module using the shutdown command before you use the
reload command to reboot the router.
• Do not deploy IOS IPS and the AIM IPS at the same time.
• When the AIM IPS is used with an IOS firewall, make sure SYN flood prevention is done by the
IOS firewall.
The AIM IPS and the IOS firewall complement each other’s abilities to create security zones in the
network and inspect traffic in those zones. Because the AIM IPS and the IOS firewall operate
independently, sometimes they are unaware of the other’s activities. In this situation, the IOS
firewall is the best defense against a SYN flood attack.
• Cisco access routers only support one IDS/IPS per router.