1) You'll have to figure out which signatures you want to see events for based on event analysis. Your goal is to eliminate false positives so you can concentrate on real, actionable events.
2) Putting two 4215 sensors inline will certainly be a contributing factor to network outages. If you MUST put an IPS inline, use the one inside the firewall.
3) Tuning signatures can mean a lot of different things: disabling it (it doesn't report), retiring it (removes it from processing, a CPU saver) or reducing the severity (this one will still let you see the event).
4) The 4215 does NOT support 6.1, the highest you can go is 6.0, but there have been plenty of memory issues on the 4215 with 6.0, so you might be better with 5.x.
6) Upgrades should preserve your previous signature settings.
I wouldn't bet on your 4215 running anywhere NEAR 79 Mb/s without missing packets. In real live networks we see the appliance sensors typically perform at about 1/3 of Cisco's rated capacity before missing packets and running the CPU to 100%.