Информационное Руководство для Cisco Cisco IPS 4520 Sensor
© 2012 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 2 of 3
well. Much of the performance gain is made through the use of hardware- accelerated regular expression
processors that the 4200 Series do not have.
Physical differences are significant because the Cisco IPS 4500 Series is based on the Cisco ASA 5585-X
appliance platform. The 4500 Series has an open slot (slot 1) for future expandability. The 4200 Series does
have more I/O flexibility. What’s more, the Cisco IPS 4260 and 4270 Series can be ordered with a hardware
bypass network interface card (NIC).
Q. What are the performance characteristics of the Cisco IPS 4500 Series?
A. Cisco has redefined IPS performance measurement in a format that is customer and field-service friendly.
We have moved away from a pure HTTP performance metric to an average of five deployment-focused tests.
Using a third-party testing tool and their test suite, we test for performance that is typical of:
●
A remote office or small to medium-sized business
●
An enterprise application suite
●
An enterprise data center
●
An educational institution at the Internet edge
●
A service provider environment
We then average the five tests to get a system performance value. Data sheets then present this value and a
performance range to show the breadth of potential performance the customer will experience. Cisco sales
engineers will be trained on the test-specific values.
Q. What are the management options for the Cisco IPS 4500 Series?
A. At FCS July 2012, Cisco IPS Device Manager (IDM) Version 7.1.4 and Cisco IPS Manager Express (IME)
Version 7.2.3 support the Cisco IPS 4500 Series natively. Cisco Security Manager Version 4.3 also supports
the 4500 Series.
Q. Have the Cisco IPS 4260 and 4270 Series now reached end-of-life?
A. At this time there are no end-of-life activities in place for the Cisco IPS 4200 Series. The same software
version runs on Cisco IPS 4200, 4300, and 4500 Series, offering investment protection for existing customers
who are looking to augment their existing Cisco IPS deployments, or replace older units with better throughput
and performance.
Q. Why would a customer select the 4500 Series over the 5585-X ASA/IPS combination?
A. As discussed in the “differences” question above, there are operational differences between the two. These
operation differences will create preferences within different buying groups. Team focused purely on security,
with needs for stricter security access controls and security visibility, will prefer dedicated IPS appliances. In
addition, at a future point, the Cisco 4500 Series may become even higher performing by accepting a module
in the second (currently empty) slot. As always, it is important to gather needs and understand the buying and
operational dynamics of the teams involved.
Q. Why would a customer select the 5585-X ASA/IPS combination over the Cisco IPS 4500 Series?
A. The converse of the question still comes down to the buying and operating groups. The operational
differences between the two solutions create preferences within different buying groups. Network operations
teams or those with common operators/managers of firewalls and IPS solutions will likely prefer a firewall/IPS
combination. As always, it is important to gather needs and understand the buying and operational dynamics
of the teams involved.