Cisco IPS 4520 Sensor Information Guide
Q&A
© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Cisco IPS 4500 Series Sensors
Q. What is the Cisco IPS 4500 Series Sensor?
A. The Cisco® Intrusion Protection System (IPS) 4500 Series is a high-throughput, dedicated sensor. The 4500
Series sensors are built on the Cisco ASA 5585-X Adaptive Security Appliance chassis. At first customer
shipment (FCS), the 4500 Series operates as a single Security Services Processor (SSP) blade in the bottom
slot (slot 0). The Cisco IPS 4500 Series does not require a Cisco ASA blade to operate.
Q. Which customers are most likely to need the Cisco IPS 4500 Series?
A. Organizations that require high throughput and separation of security controls are optimal customers for the
4500 Series. Dedicated security staff at large organizations may require complete control of their IPS systems
and thus prefer dedicated appliances. The Cisco IPS 4500 Series is attractive to customers who do not want
to pay for both a high-end firewall offering and a high-end IPS and are seeking a solution based on price for
performance.
Q. Where should customers deploy the Cisco IPS 4500 Series?
A. The data center and high-traffic network junctions are optimal deployment sites for the 4500 Series. Customer
data centers require data and access security, and an invisible, in-line IPS is well suited for this setting.
Internal network edges such as those found between campuses and subnet cores can also benefit from
security segmentation. Organizations with Internet connections greater than 2 Gbps also benefit from the
4500 Series.
Q. What is the difference between the Cisco IPS 4500 Series and the Cisco ASA 5585-X Series-based IPS?
A. While the physical differences are minimal, there are multiple operational differences. These are the same
systematic differences found between Cisco’s firewall IPS solutions and dedicated IPS platforms.
● Dedicated IPS platforms are invisible on the wire and default to a fail-open operation to ensure network
continuity.
● The dedicated IPS controls all packet processing and its own I/O.
● The evasion detection and normalization process is fully under the IPS’s control, and its outputs are visible
to the threat-detection process.
● The firewall defaults to a closed condition in a failure and is detectable on the network.
● When IPS is coupled with the firewall, there are additional packet routing and inspections on the firewall
that offload some IPS processing.
● The Cisco ASA can provide identity context to determine flows for inspection by specific IPS policies.
Q. What is the difference between the Cisco IPS 4500 Series and the Cisco IPS 4200 or 4300 Series?
A. There are no IPS software differences: the Cisco IPS 4200, 4300, and 4500 Series run the same software
version. All three series operate with the same signatures offering the same protections.
The primary difference is performance: the 4500 Series offers significantly improved throughput and latency.
The maximum connections and connection-per-second rates for the 4500 Series are significantly higher as