I noticed today that the S623 release includes the retiring of signatures 3030-0 (TCP Syn sweep) and 2100-0 (ICMP Echo sweep). I find it interesting that Cisco has opted to have these signatures disabled by default. I figure it is part of the recent "clean up" effort around the default signatures, but it seems that these two signatures could be pretty useful in some cases.
Does anyone happen to have some insight as to why this choice was made?
Yes, both of these signatures are either a low or informational severity, which by default will be getting retired. Agreed that it *could* be useful in *some* cases - but it will all depend on where you placed the IPS, what kind and how much traffic it's seeing... are the thresholds set on the signatures to low or too high, maybe they're just right - but that all depends on your specific situation.
We aren't deleting the signature, it's still there, and if you need or want it, you can activate it. But to get value of of that signature, you will ned to understand your network and traffic patterns and flows, then tune the signature to appropriate thresholds so that it's providing actual value to you.
A whitepaper and video blog post (basically the same material as the whitepaper) have recently been made available to provide more detail to what the default configuration will look like, and how we're making retirement decisions.
It is located in the Documentation and Training tab under “White Papers”
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :