Has anyone here upgraded MARS from 3.4.x to 4.1.1? I seem to be experiencing some interesting issues, in terms of a lack of events / sessions are no longer being reported (looking at graphs from the point of upgrade there is a significant drop in reported data.). Its almost like my devices were dropped.
Just curious if anyone else has attempted an early upgrade.
We upgraded to 4.1.1 and we seem to have a problem where IPS v5 events aren't being process correctly. Also appears that the password listed for the IPS device was changed/corrupted during the 4.1.1 upgrade and we had to manually change it back.
We have two PN-200's in our infrastructure, with approximately ~80 4235's IDSs pointed at them, ~70 PIX 525/535's, 3 Checkpoints, and 12 VPN 3000 concentrators.
We were running 3.4.4 with only a few minor problems, but updated one of our test boxes to 4.1.1. The update went OK, and added the new features, but introduced 3 problems specific to the 4.1.1 code:
1. Device Set reporting within customixed reports, or any canned reports that use the device set field, no longer report the device. Top reporting devices DO work, however.
2. The case/ticketing system is broken, in that any reports attached to it seem to have their data corrupted once attached to a ticket.
The 4.1.1 code did, however, introduce a separate, more severe problem in our production box, that results in us not being able to batch any reports (it only lets us run them inline) and reports longer than 7-9 hours don't typically finish. I feel I've narraowed it down to a fault with the PNPARSER service that seems to restart fairly often (at least every hour, usually every few minutes), as well as the superV service.
I've got 4 TAC cases open on this particular issue, and have been waiting a week or so for a resolution to the last problem. The rest are fairly minor that I feel can be addressed with either a hotfix or the 4.1.2 update. My last problem however is more sever.
As to your specific problem, which type of device appear to be dropped? What all do you have pointed at your appliance? Cisco IDS has always been the problem for us, and if that's it, I may have some tips. I've gotten pretty good at troubleshooting these devices.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :