I need some suggestion from all the forum experts,
I am configuring the 2 sensors (4215):
external sensor -- deployed before the firewall of my network.
internal sensor -- deployed after the firewall
My problem is:
1)what are all the signature (Most probable),i need to tune or consider for tuning w.r.t external or internal sensor.
2)The 2 sensor are in promiscus mode,if i bring them into inline --what parameteres to be considered to avoid network outage.
3)I had tuned some of the signature but i am not seeing the alerts in IEV.where shall i look into troubleshoot.
4)From 5.1(8)E2 image to 6.1E2 does 4215 support.
5)Does IME Support IDS.
6)After upgradation does the newly updated signatures was enabled automatically or we have to enable them manually.
Could somebody ,please suggest me for the above points.
Thanks in advance,