Purchased an IPS 4255 to replace a TippingPoint unit we have use for a number of year. I configured the 4255 so I can talk to the mangement interface to get used to the Web Interface. I have loaded the latest software code and SIGs.
Should I run the unit in promiscuous for awhile before going inline? Our TippingPoint updated its SIGs automatic and I reviewed the release to see if I should change the default action. Since I'm new to the 4255 and the Cisco SIGs. How does one get a feel for what all is enabled for denied by default? Would running in promiscuous allow me to see what SIGs when be denied and allow me to adjust until I go inline?
The latest code for the 4255 allow for auto update from Cisco. There isn't a means to force a manual update? We had that with the TippingPoint. The TippingPoint only did auto updates on SIGs. The 4255 appears to do both code and SIGs. I see no way to just select auto SIG updates?