Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Difference between IPS ver4.x and version 5.x


can someone please tell me the advantage of IPS version 5.x over the 4.x version?

I assume it is still signature based just like 4.x and still difficult to see whatthe signature is looking for on the fly when you need to do so, just like the SNORT.

the fact that I cannot see what the signature is looking for is bothering us but may be I don't know how it works.



Cisco Employee

Re: Difference between IPS ver4.x and version 5.x

IPS version 5.X is signature based like IDS version 4.

Information about the IPS Version 5.1 Sensor Software can be found at

The end of signature updates for IDS 4 version software has passed, please see here for more details.

So you should be using IPS 5.X now.

It would be easier for you to use IDM to check what the signatures look like. The documentation for that is here :

On the same area, you would see more documentation about what the signatures engine's capabilities are :

If you are familiar with regular expressions, then you would understand what the signatures are looking for using IDM, for most signatures.

I hope this information helps you.


Re: Difference between IPS ver4.x and version 5.x

They are both signature based. IPS 4.x is no longer supported by Cisco(no more sig updates), so comparing the two is probably pointless.

You can look at the signatures pretty easily in 5.x. The Cisco documentation about the various settings are not very detailed and some (dare I say many) of the regular expressions are hidden. However, you can look at the signatures and you will probably find them much easier to understand than Snort (mostly because it is a GUI with drop-down boxes, etc).

CreatePlease to create content