Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Why Upgrade to IPS ver 6

Hi,

We have installed an IPS 4215 with VMS 2.3.

Since upgrading to ver 6 of IPS I lost some functionality of the Management Console. Could not re-import the IPS sensor.

I have since found out that ver 6 is no longer supported with MC and we need to upgrade to CSM 3.1. That is not too bad but now VMS has gone altogether from the server (after installing CSM 3.1) and we have no reporting at all. I see the only solution to this is to purchase MARS, a very large cost for only one PIX and one IPS sensor.

My questions are:

Why should we upgrade to ver 6, how long is ver 5 going to be supported?

Is there any other way I can get some reporting or monitoring other than MARS? We could use syslog but that is not very functional.

Thank you

Scott

12 REPLIES
New Member

Re: Why Upgrade to IPS ver 6

I have another question.

Is it possible to run CSM and VMS on the same server?

We still want to use VMS to monitor a PIX.

Silver

Re: Why Upgrade to IPS ver 6

It's not a good idea to try and run VMS on a server with anything else. VMS is slow enough without having another application competing for resources.

Gold

Re: Why Upgrade to IPS ver 6

"Why should we upgrade to ver 6, how long is ver 5 going to be supported? "

It sounds like maybe you shouldn't. The v6 software offers some new functionality, most promising IMHO is passive OS detection and anomaly detection.

As you already noted in another post, you can use the IEV software to monitor events. It looks very similar to the VMS event viewer.

New Member

Re: Why Upgrade to IPS ver 6

In addition to MARS and IEV already discussed, there are other third party tools that can access the SDEE and RDEP output from the Cisco IDS devices and do correlation.

I'm not sure of the appropriateness of discussing them here, so won't go into detail... but it should be acceptable to just note that they do exist; email me if you want to know some more about some of the ones we have looked at.

Thanks!

...Nick

Gold

Re: Why Upgrade to IPS ver 6

There is no offical word from Cisco on the End of Life date of 5.x, but typicaly, Cisco will keep 5.x alive for 18 months after releasing 6.x. Since 6.x was released in November, most folks are planning to be forced into a 6.x migration sometime around May 2008. 5.x will still work after that date, like 4.x and 3.x still do, but Cisco will stop producing signature updates for that version.

Cisco Employee

Re: Why Upgrade to IPS ver 6

AS for your question about IPS ver 5 support.

IPS ver 5.1 will continue to be signature update supported until at least June of 2008.

And it will likely be longer than even that.

The official end date of signature update support will not be determined until an official End Of Sale announcement is made, and that has not happened as of yet.

So you can stay with 5.1 for quite a bit longer if you like.

Others have already posted some of the available options for configuration and monitoring.

One option that was not mentioned is to re-install VMS and use the Security Monitor within VMS to do your monitoring. Security Monitor will still work with IPS 6.0. It is just the IPS Management Center of VMS that can not configure an IPS 6.0 sensor.

For configuration you could then either install CSM 3.1 on a separate box, or since you only have one sensor just use IDM for managing the sensor configuration.

New Member

Re: Why Upgrade to IPS ver 6

Marcoa,

Back in December you responded to a post on this topic with the following information, "SecMon monitoring an IPS version 6.0 was tested. The existing SecMon version Can monitor IPS 6.0, but will only show the fields in the alerts that existed in IPS 5.1. SecMon will not show the new fields that are only seen in IPS 6.0. "

Does this caveat still hold true? Thanks for your continued support.

Regards,

Chad

Cisco Employee

Re: Why Upgrade to IPS ver 6

Yes,

It was also tested with IPS 6.0(2)E1 as well, and the same still holds true.

SecMon can monitor it, but only shows the alert fields that were available in 5.1 sensors.

New Member

Re: Why Upgrade to IPS ver 6

Installed CSM 3.0.1 and tried to add devices with IPS 6.0 and failed.

Anyone had this problem?

New Member

Re: Why Upgrade to IPS ver 6

You need to use 3.1.

Otherwise it should work.

Scott

Cisco Employee

Re: Why Upgrade to IPS ver 6

Check your version of CSM

CSM 3.0.1 does Not support IPS 6.0

CSM 3.1.0 Does support IPS 6.0

Very easy to confuse the 2 versions.

New Member

Re: Why Upgrade to IPS ver 6

Thanks! I will try that.

235
Views
15
Helpful
12
Replies
CreatePlease to create content