Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

IDS-4210 picks up what IPS-4240 misses, strange duplex/interface problems

I just installed a IPS-4240 inline on our primary internet inbound connection. I decided to leave the 4210 in place for a week or two while I tuned the signatures. It is receiving a span of the same traffic that the 4240 is receiving.

I noticed today that the 4210 is picking up sig 3250 and the 4240 is no. The first thing I checked to make sure that the 4240 has this signature enabled, and it is. Anyone have any thoughts? BTW, All sensors are on the same version 5.1.1 and running s211 and managed through VMS.

I would also like to mention that I had issues on the 4240 and its interfaces. Management only runs at half duplex and the interfaces that connect to our PIX. I ended up having to put a switch between the 4240 and the Pix 515e to solve the duplex issues.

Anyone have any thoughts on this part

Community Member

Re: IDS-4210 picks up what IPS-4240 misses, strange duplex/inter

I had the same duplex problem with my 4240 sensor connecting to my PIX. The only way I could get it to work without errors is to set both the sensor and the PIX interfaces to auto/auto. I worked with Cisco on this problem. No resolution, just the workaround. As far as sig 3250, IPS and IDS signatures may be a little different. I assume you span from the inside and run your in-line outside your firewall? If this is the case, then the 4240 sensor may see different traffic than the 4210.

Community Member

Re: IDS-4210 picks up what IPS-4240 misses, strange duplex/inter

The 4210 is still outside the firewall and being fed by a span of the same traffic as the 4240. I just hadn't had the opportunity to move it to its new location inside the firewall. I just thought it was strange, sometimes things are only seen when they go into production.

As far as the duple issue, I am glad I am not crazy I was really beginning to think it was me. Thanks for the feedback.

CreatePlease to create content