cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
903
Views
15
Helpful
12
Replies

Why Upgrade to IPS ver 6

scottyd
Level 1
Level 1

Hi,

We have installed an IPS 4215 with VMS 2.3.

Since upgrading to ver 6 of IPS I lost some functionality of the Management Console. Could not re-import the IPS sensor.

I have since found out that ver 6 is no longer supported with MC and we need to upgrade to CSM 3.1. That is not too bad but now VMS has gone altogether from the server (after installing CSM 3.1) and we have no reporting at all. I see the only solution to this is to purchase MARS, a very large cost for only one PIX and one IPS sensor.

My questions are:

Why should we upgrade to ver 6, how long is ver 5 going to be supported?

Is there any other way I can get some reporting or monitoring other than MARS? We could use syslog but that is not very functional.

Thank you

Scott

12 Replies 12

scottyd
Level 1
Level 1

I have another question.

Is it possible to run CSM and VMS on the same server?

We still want to use VMS to monitor a PIX.

It's not a good idea to try and run VMS on a server with anything else. VMS is slow enough without having another application competing for resources.

mhellman
Level 7
Level 7

"Why should we upgrade to ver 6, how long is ver 5 going to be supported? "

It sounds like maybe you shouldn't. The v6 software offers some new functionality, most promising IMHO is passive OS detection and anomaly detection.

As you already noted in another post, you can use the IEV software to monitor events. It looks very similar to the VMS event viewer.

Nick Egloff
Level 1
Level 1

In addition to MARS and IEV already discussed, there are other third party tools that can access the SDEE and RDEP output from the Cisco IDS devices and do correlation.

I'm not sure of the appropriateness of discussing them here, so won't go into detail... but it should be acceptable to just note that they do exist; email me if you want to know some more about some of the ones we have looked at.

Thanks!

...Nick

rhermes
Level 7
Level 7

There is no offical word from Cisco on the End of Life date of 5.x, but typicaly, Cisco will keep 5.x alive for 18 months after releasing 6.x. Since 6.x was released in November, most folks are planning to be forced into a 6.x migration sometime around May 2008. 5.x will still work after that date, like 4.x and 3.x still do, but Cisco will stop producing signature updates for that version.

marcabal
Cisco Employee
Cisco Employee

AS for your question about IPS ver 5 support.

IPS ver 5.1 will continue to be signature update supported until at least June of 2008.

And it will likely be longer than even that.

The official end date of signature update support will not be determined until an official End Of Sale announcement is made, and that has not happened as of yet.

So you can stay with 5.1 for quite a bit longer if you like.

Others have already posted some of the available options for configuration and monitoring.

One option that was not mentioned is to re-install VMS and use the Security Monitor within VMS to do your monitoring. Security Monitor will still work with IPS 6.0. It is just the IPS Management Center of VMS that can not configure an IPS 6.0 sensor.

For configuration you could then either install CSM 3.1 on a separate box, or since you only have one sensor just use IDM for managing the sensor configuration.

Marcoa,

Back in December you responded to a post on this topic with the following information, "SecMon monitoring an IPS version 6.0 was tested. The existing SecMon version Can monitor IPS 6.0, but will only show the fields in the alerts that existed in IPS 5.1. SecMon will not show the new fields that are only seen in IPS 6.0. "

Does this caveat still hold true? Thanks for your continued support.

Regards,

Chad

Yes,

It was also tested with IPS 6.0(2)E1 as well, and the same still holds true.

SecMon can monitor it, but only shows the alert fields that were available in 5.1 sensors.

Installed CSM 3.0.1 and tried to add devices with IPS 6.0 and failed.

Anyone had this problem?

You need to use 3.1.

Otherwise it should work.

Scott

Check your version of CSM

CSM 3.0.1 does Not support IPS 6.0

CSM 3.1.0 Does support IPS 6.0

Very easy to confuse the 2 versions.

Thanks! I will try that.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: