You can apply the IPS-sig-S202-minreq-5.0-1.pkg Signature Update and all following signature updates to all 5.0(x) versioned sensors as well as the newly released 5.1(1) version.
These signature updates contain new signature definition parameters to support the new version 5.1(1) sensors. These new signature definition parameters are also seen on version 5.0(x) sensors, but are ignored if configured on version 5.0(x) sensors.
The sensorApp binary on the 5.0(x) sensors is updated during the signature update so that the new sensorApp can read in, and properly ignore those new signature update parameters. This was done so that a single IPS signature update file can be used across all version 5.x sensors.
The new signature definition parameters have been added in version 5.1(1) and are ignored if configured on version 5.0(x) sensors. Any signatures requiring these parameters do trigger on version 5.0(x) sensors.
Be aware of the following installation caveats:
You can apply the IPS-sig-S202-minreq-5.0-1.pkg Signature Update and all following signature updates to version 5.0(1), 5.0(2), 5.0(3), 5.0(4), 5.0(5), and 5.1(1) sensors.
However if you apply any of the signature updates to a 5.0(1) sensor, then you should not upgrade to the 5.0(2) or 5.0(3) Service Packs. Similarly, if you apply the signature update to a 5.0(2) sensor, you should not upgrade to the 5.0(3) Service Pack. The 5.0(2), and 5.0(3) Service Pack installations scripts do not carry forward the new sensorApp binary (CSCsb49911). Upgrading to 5.0(2) or 5.0(3) results in sensorApp generating errors while trying to read the new configuration, and prevents sensorApp from monitoring for attacks. For this reason the 5.0(2) and 5.0(3) Service Packs have been removed from CCO.
If you apply the signature update to a 5.0(1) sensor, you should upgrade to either 5.0(4) or 5.0(5) Service Packs, or 5.1(1) Minor Update. They do not have the CSCsb49911 issue.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...