产品分类
联系我们
回收CISCO思科ASA系列
首页 » 产品展示 » 回收思科CISCO防火墙 » 回收CISCO思科ASA系列
思科ASA5525-IPS-SSP
发布时间:2014/1/15 12:27:43 点击量:
思科ASA5525-IPS-SSP The following notes and caveats apply to configuring interfaces on the sensor:
•On appliances, all sensing interfaces are disabled by default. You must enable them to use them. On modules, the sensing interfaces are permanently enabled.
•In IPS 7.1, rx/tx flow control is disabled on the IPS 4200 series sensors. This is a change from IPS 7.0 where rx/tx flow control is enabled by default.
•There is only one sensing interface on the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 思科ASA5525-IPS-SSP IPS SSP), so you cannot designate an alternate TCP reset interface.
•You can only assign a sensing interface as an alternate TCP reset interface. You cannot configure the management interface as an alternate TCP reset interface.
•You configure the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP ASA 思科ASA5525-IPS-SSP IPS SSP) for promiscuous mode from the adaptive security appliance CLI and not from the Cisco IPS CLI.
•You can configure the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 思科ASA5525-IPS-SSP IPS SSP) to operate inline even though they have only one sensing interface.
•The ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 思科ASA5525-IPS-SSP IPS SSP) do not support inline VLAN pairs.
•The ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 思科ASA5525-IPS-SSP IPS SSP) do not support VLAN groups mode.
•There are security consequences when you put the sensor in bypass mode. When bypass mode is on, the traffic bypasses the sensor and is not inspected; therefore, the sensor cannot prevent malicious attacks.
•As with signature updates, when the sensor applies a global correlation update, it may trigger bypass. Whether or not bypass is triggered depends on the traffic load of the sensor and the size of the signature/global correlation update. If bypass mode is turned off, an inline sensor stops passing traffic while the update is being applied.
•The ASA 5500-X IPS SSP and ASA 思科ASA5525-IPS-SSP IPS SSP do not support bypass mode. The adaptive security appliance will either fail open, fail close, or fail over depending on the configuration of the adaptive security appliance and the type of activity being done on the IPS.
•The show interface command output for the IPS 4510 思科ASA5525-IPS-SSP and IPS 4520 does not include the total undersize packets or total transmit FIFO overruns.
•When the IPS 4510 and IPS 4520 are configured in VLAN pairs, the packet display command does not work without the VLAN option if the expression keyword is also used.
•For the IPS 4510 and IPS 4520, the maximum number of inline 思科ASA5525-IPS-SSP VLAN pairs you can create systemwide is 150. On all other platforms, the limit is 255 per interface.
•On the IPS 4510 and IPS 4520, no interface-related configurations are allowed when the SensorApp is down.思科ASA5525-IPS-SSP
•On appliances, all sensing interfaces are disabled by default. You must enable them to use them. On modules, the sensing interfaces are permanently enabled.
•In IPS 7.1, rx/tx flow control is disabled on the IPS 4200 series sensors. This is a change from IPS 7.0 where rx/tx flow control is enabled by default.
•There is only one sensing interface on the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 思科ASA5525-IPS-SSP IPS SSP), so you cannot designate an alternate TCP reset interface.
•You can only assign a sensing interface as an alternate TCP reset interface. You cannot configure the management interface as an alternate TCP reset interface.
•You configure the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP ASA 思科ASA5525-IPS-SSP IPS SSP) for promiscuous mode from the adaptive security appliance CLI and not from the Cisco IPS CLI.
•You can configure the ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 思科ASA5525-IPS-SSP IPS SSP) to operate inline even though they have only one sensing interface.
•The ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 思科ASA5525-IPS-SSP IPS SSP) do not support inline VLAN pairs.
•The ASA IPS modules (ASA 5500 AIP SSM, ASA 5500-X IPS SSP, and ASA 思科ASA5525-IPS-SSP IPS SSP) do not support VLAN groups mode.
•There are security consequences when you put the sensor in bypass mode. When bypass mode is on, the traffic bypasses the sensor and is not inspected; therefore, the sensor cannot prevent malicious attacks.
•As with signature updates, when the sensor applies a global correlation update, it may trigger bypass. Whether or not bypass is triggered depends on the traffic load of the sensor and the size of the signature/global correlation update. If bypass mode is turned off, an inline sensor stops passing traffic while the update is being applied.
•The ASA 5500-X IPS SSP and ASA 思科ASA5525-IPS-SSP IPS SSP do not support bypass mode. The adaptive security appliance will either fail open, fail close, or fail over depending on the configuration of the adaptive security appliance and the type of activity being done on the IPS.
•The show interface command output for the IPS 4510 思科ASA5525-IPS-SSP and IPS 4520 does not include the total undersize packets or total transmit FIFO overruns.
•When the IPS 4510 and IPS 4520 are configured in VLAN pairs, the packet display command does not work without the VLAN option if the expression keyword is also used.
•For the IPS 4510 and IPS 4520, the maximum number of inline 思科ASA5525-IPS-SSP VLAN pairs you can create systemwide is 150. On all other platforms, the limit is 255 per interface.
•On the IPS 4510 and IPS 4520, no interface-related configurations are allowed when the SensorApp is down.思科ASA5525-IPS-SSP
上一条:ASA-VPN-CLNT-K9 | 下一条:ASA5525-IPS-K9
版权所有 Copyright © 2009-2011 All rights reserved. CISCO\H3C\HUAWEI等新旧网络产品回收
地址:深圳市龙岗区龙岗天安数码城4栋A座609 http://www.2ciscow.com 咨询热线:13316580697 联系人:罗先生 企业邮箱:cisco@2ciscow.com
粤ICP备11090912号-1
在线客服
-
采购部
采购经理
-
销售部
销售经理
销售经理
-
技术部
技术经理
绿思科技微信公众号
网络设备回收
