Cisco Cisco IPS 4345 Sensor 릴리즈 노트
6
Release Notes for Cisco Intrusion Prevention System 7.1(4)E4
OL-25389-01
The IDM and JRE 1.7
The IDM and JRE 1.7
In IPS versions 7.1(1)E4 through 7.1(5)E4, the IDM fails to connect to the sensor due to a failure during
the initial handshake, because the web server is not RFC 5746-compliant. Try the following workaround.
the initial handshake, because the web server is not RFC 5746-compliant. Try the following workaround.
Problem
Cannot launch the IDM, when the IDM is running under JRE 1.7 with IPS 7.1(1)E4 through
7.1(5)E4.
Solution
Use JRE 1.6 or enable the SSL 2.0-compatible ClientHello format in the Java settings under
Control Panel.
The Sensor and Jumbo Packet Frame Size
For IPS standalone appliances with 1 G and 10 G fixed or add-on interfaces, the maximum jumbo frame
size is 9216 bytes. For integrated IPS sensors, such as the ASA 5500-X and ASA 5585-X series, refer to
the following URL for information:
size is 9216 bytes. For integrated IPS sensors, such as the ASA 5500-X and ASA 5585-X series, refer to
the following URL for information:
http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/interface_start.html#wp1328
86
86
9
Note
A jumbo frame is an Ethernet packet that is larger than the standard maximum of 1518 bytes (including
Layer 2 header and FCS).
Layer 2 header and FCS).
The ASA IPS Modules and Jumbo Packets
The jumbo packet count in the show interface command output from the lines
Total Jumbo Packets
Received
and
Total Jumbo Packets Transmitted
for ASA IPS modules may be larger than expected
due to some packets that were almost jumbo size on the wire being counted as jumbo size by the IPS.
This miscount is a result of header bytes added to the packet by the ASA before the packet is transmitted
to the IPS. For IPv4, 58 bytes of header data are added. For IPv6, 78 bytes of header data are added. The
ASA removes the added IPS header before the packet leaves the ASA.
This miscount is a result of header bytes added to the packet by the ASA before the packet is transmitted
to the IPS. For IPv4, 58 bytes of header data are added. For IPv6, 78 bytes of header data are added. The
ASA removes the added IPS header before the packet leaves the ASA.
Obtaining Software
You can find major and minor updates, service packs, signature and signature engine updates, system
and recovery files, firmware upgrades, and Readmes on the Download Software site on Cisco.com.
Signature updates are posted to Cisco.com approximately every week, more often if needed. Service
packs are posted to Cisco.com in a release train format, a new release every three months. Major and
minor updates are also posted periodically. Check Cisco.com regularly for the latest IPS software.
and recovery files, firmware upgrades, and Readmes on the Download Software site on Cisco.com.
Signature updates are posted to Cisco.com approximately every week, more often if needed. Service
packs are posted to Cisco.com in a release train format, a new release every three months. Major and
minor updates are also posted periodically. Check Cisco.com regularly for the latest IPS software.
You must have an account with cryptographic access before you can download software. You set this
account up the first time you download IPS software from the Download Software site.
account up the first time you download IPS software from the Download Software site.
Note
You must be logged in to Cisco.com to download software. You must have an active IPS maintenance
contract and a Cisco.com password to download software. You must have a sensor license to apply
signature updates.
contract and a Cisco.com password to download software. You must have a sensor license to apply
signature updates.