I'm new to this Community and also to Cisco security. Here is my question for you:
I have a Cisco 7600 router with an IDSM-2 module and I updated it to version IPS-K9-5.1-8-E3. Now I would like to upgrade it to version IPS 7.0(3) E4.
Is that possible? I read that IPS 6.0 denies high risk events by default and you need to create an event action to solve the problem. How can I solve my problem? I'm afraid to do something wrong because the router is an important one; if I do something wrong I'm afraid of blocking all the traffic :s
You can certainly upgrade your IDSM-2 from 5.1(8)E3 to 7.0(4)E4 directly.
In regard to your concern over the IDSM-2 denying high risk events (risk ratings of 90 to 100) by default, this holds true if the IDSM-2 is configured to inspect traffic using inline operation. If the IDSM-2 is configured for promiscuous inspection, this will not occur.
If your IDSM-2 is configured for inline operation, the simplest method to avoid the IDSM-2 denying high risk events is to disable the default event action override (EAO). From within IPS Device Manager (IDM):
Highlight the virtual sensor in question (default is vs0) and choose edit.
Under Event Action Rule uncheck "Use Event Action Overrides".
This will disable ALL event action overrides for the virtual sensor in question. You can also disable just the default High Risk EAO using the same process above, but instead of unchecking "Use Event Action Overrides":
Highlight the 'HIGHRISK' EAO and click 'Edit'
Next to the 'Deny Packet Inline (Inline)' entry uncheck the box under the "Enable" column (not the "Assigned" column).