Where do we start? I guess the the benefits really happen if you have other cisco products.
For instance, if you are running Cisco Security Agent as well, you'll be able to do some event correlation by setting up the CSAMC to communication with the IPS. This gives a good visual for traffic making it through the IPS. When the agent fires an alert, it communicates that back to the sensor. The sensor then increases a score for the source address. That of course increases the chances of it being blocked.
Anomaly detection is also a big thing. This detects actions between networks, as long as they flow through the IPS, for "suspicious" activity. Things such as scanning or multiple connections. There is a good presentation on this that cisco has done. It explains how the metrics work as well as setting up the learning mode.
What I think is a very nice feature is the possibility of multiple virtual interfaces. You can create a vast array of custom setups to apply in various situations.
You can write a book about all of this, which is why many people just post links. Its easier and a lot more resourceful. But, I hope this assists you. OH, I'm sure I've left items here and there out. But, you get the idea.
There are many enhancements, but two of the most significant new features are:
1. Multiple Virtual Sensors. This allows you to scan the same traffic in multiple places in your network without confusing the virtual sensor normalizer. It will recognize that the traffic has traversed two locations in the network that are being scanned by the IPS.
2. 6.0(4) has support for asymmetric traffic. Again, this makes the Virtual Sensor more robust to support more complex traffic flow without normalization issues. See this site for more information.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...