Help with 4255

Unanswered Question
Mar 15th, 2010

Hi All,

I have installed a 4255 sensor inline behind an ASA 5550 that connects to the Internet.

The problem is that the IPS is not tuned (brand-new) and as soon as we connect the IPS inline, the CPU goes up to 100% and stops the traffic flow in a matter of minutes.

Therefore we removed the IPS and everything went back to normal.

Now, I connected the 4255 in promiscuous mode (behind the ASA connected to the 4506 backbone switch), and I still see the CPU between 40% and 80%.

The sensor is running the latest image 7.0(2)E3 and the latest signature package S477.0.

My questions are:

1. Where do I check on the sensor exactly what it is doing, because we plan to leave the IPS in IDS mode for a couple of weeks. Are there some kind of reports that I can get from it? What is the best way to check it out? I managed the sensor via IDM 7.0.

2. After getting the above information, what is the recommendation to tune the device? Disable signatures? How do I find out which signatures I need and if we are getting lots of false positives and/or false negatives?

3. Any other comments are appreciated!

Thank you All as always.

