I'm hoping that I can ask a question here about the IPS function built into the AdvSec versions of IOS?
I have experimented with implementing the default signature set on 3845's (12.4 mainline, 1GB dram) - and it works well; but the CPU utilization jumps from around 10% to ~30% - without any other changes.
Is this much of a jump to be expected? And, is there any "tuning" that can be done to bring it down significantly?
This is normal and can be tuned (i.e disable sigs for any protocols not in use). I would suggest using the 256MB signature definition file, as that is what I am using and it doesn't add much more overhead than builtin sigs. I have one 2811 in particular feeding 2 T1s w/ MLPPP and taking advantage of the Firewall & IPS features. These 2 features alone only added around 13% extra CPU utilization on this small box.
I really appreciate knowing that the sharp jump is to be expected - I was expecting something less than a 100% increase in CPU; and it's helpful to know that the 256 sig set is close in performance to the built-ins.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...