Cisco IPS 4255 Sensor Release Notes
Release Notes for Cisco Intrusion Prevention System 7.3(4)E4
OL-32050-01
Cisco Security Intelligence Operations is also a repository of information for individual signatures,
including signature ID, type, structure, and description.
You can search for security alerts and signatures at this URL:
Restrictions and Limitations
The following restrictions and limitations apply to the Cisco IPS 7.3(4)E4 software and the products that
run it:
• IME 7.2.7 is the only supported IME release for IPS 7.3(4)E4.
• After upgrading to 7.3(4)E4, you cannot create a hostname that contains the '/' (slash) character.
• Reassemble timeout of 10 seconds:
There are 1000 datagram slots, and with the reduced 10-second timeout, 1000/10 = 100 datagrams/sec
can be achieved. Each datagram is at least 2 packets, and hence, with the revised fix for CSCun76930,
the IPS should handle at least 200 pps, assuming all fragments are reassembled.
Workaround: Depending on your network, you can tune a parameter from the service user
prompt to handle up to 1000 pps.
File to be modified: sensorApp.conf
Path: /usr/cids/idsRoot/etc
To add:
[FragProcessorSettings]
ReAssembleTimeOut=1
Based on lab testing, we observed that the IPS could comfortably handle up to 400 pps.
• The IDM has been built and tested with Java 7 Update 45 and earlier. The IDM is not compatible with Java 7
Update 51. For the IDM to function, you must use the older version of Java. Refer to CSCum55433 if
you must use Java 7u51 and there is no option to use earlier versions.
• While executing the autoupgradenow command, you cannot use the IDM, IME, or the CLI, or start
any new sessions until the upgrade is complete.
• IPS 7.3(4)E4 supports TLS 1.0 and later. If the peer uses an older SSL version, the connection
cannot be established. All management applications using the IPS Web server, such as the IDM or
CSM, are affected by this change. If the management application does not support TLS 1.0 or later,
the management connectivity is lost after upgrading to IPS 7.3(4) because IPS 7.3(4) does not support
versions earlier than TLS 1.0.
• If the client does not support SSHv2 or if SSHv2 is disabled, the management connectivity is lost
after upgrading from IPS 7.1(x)E4 to IPS 7.3(4)E4 because SSHv1 is disabled by default in IPS
7.3(4) and later.
• LACP has been tested only on the IPS sensor with the Nexus 7000 switch and the Catalyst 6000
switch. Other combinations of IPS sensors and switches have not been tested. It is unknown if the
solution will work as expected with other switches. Also, VPC/VSS configurations are NOT
supported.
• Link state mirroring applies to the inline interface pair configuration only. Detecting that the peer
interface is up or down and setting the state of the link may take up to 3.5 seconds.
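
The ReAssembleTimeOut workaround from the reassemble timeout item above, written as an idempotent edit that keeps a backup. This is an added example, not Cisco's procedure or code. It assumes sensorApp.conf is INI-style, as the snippet suggests, and that a POSIX shell with awk is available at the service prompt; set_reassemble_timeout is a hypothetical helper name.

```sh
#!/bin/sh
# Added example (not Cisco code). Assumption: sensorApp.conf is INI-style,
# as the [FragProcessorSettings] snippet in the release note suggests.
# set_reassemble_timeout is a hypothetical helper name.
#
# usage: set_reassemble_timeout /usr/cids/idsRoot/etc/sensorApp.conf 1
set_reassemble_timeout() {
    conf=$1
    secs=$2
    # Assumption: only whole seconds >= 1 are accepted; the note shows 1.
    case $secs in
        ''|*[!0-9]*) echo "timeout must be a whole number of seconds" >&2; return 2 ;;
    esac
    [ "$secs" -ge 1 ] || { echo "timeout must be at least 1" >&2; return 2; }
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Keep the first pristine copy so the change can be rolled back.
    [ -f "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1

    tmp=$conf.tmp.$$
    awk -v val="$secs" '
        function emit() { print "ReAssembleTimeOut=" val; written = 1 }
        /^\[.*\]/ {
            # Leaving the target section without having seen the key: add it.
            if (in_sec && !written) emit()
            in_sec = ($0 ~ /^\[FragProcessorSettings\]/)
            if (in_sec) seen = 1
            print; next
        }
        in_sec && /^[ \t]*ReAssembleTimeOut[ \t]*=/ {
            if (!written) emit()   # replace the value, drop duplicate keys
            next
        }
        { print }
        END {
            if (in_sec && !written) emit()
            if (!seen) { print "[FragProcessorSettings]"; emit() }
        }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```

Running the function twice with the same value leaves the file unchanged after the first run, and the original is preserved as sensorApp.conf.bak.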