Requirements Server IDS 4235

I have a total of four units of IDS of power on a Cisco Works server. The software documentation recommends a minimum of 1 gig memory and 1 gig processor build. What would be the required hardware configuration preferred for this set to the top?

Thank you

It is not too heavy a requirement with that few devices. A current-class desktop system should suit you. A server-class system gets you redundancy, which is nice, and newer systems are not too expensive. My installation is running on a Dell Precision 340 and that's fine.

A current-model 1.x or 2.x GHz processor with 1 GB and enough disk space to hold the VMS and logging (maybe 20 GB free space?).

It can be quite CPU and disk intensive while you are working. You can consider an application good overview or a mirror for DR purposes, simply because of all the configurations you need to rebuild the virtual machines.

Tags: Cisco Security

Similar Questions

  • Internet connection required: Server error: 0x800CCC90, error number: 0x800CCC92

    Original title:

    Windows Mail in Vista

    Can anyone help please.  I tried to open my email this morning - as usual - and it asks me to enter my username and password.  I did it several times but it won't let me and I get as part of the error message: -.

    Internet connection required: Server error: 0x800CCC90, error number: 0x800CCC92

    I have been in contact with the technicians at Microsoft, but apparently they no longer support Windows Mail.  I can access my mail through my e-mail provider, but it's really annoying!

    Internet connection required:

    Was this not preceded by a long and complicated URL that begins with https://accounts... ? The idea is that you must click on the link to log in and verify that it is you accessing your account by filling out a CAPTCHA. Is that what you did? What happened?

  • New at IDS 4235.

    Hello

    Can someone tell me how to access the console of the IDS 4235?

    My IDS only shows

    ttya login:

    and I'm unable to type anything on this prompt.

    You will need to download the recovery CD ISO image file from cisco.com.

    Then use a CD burner to create a recovery CD from this ISO file.

    Put the CD in your sensor and reboot.

    It should reboot from the CD and load a new image on the sensor.

    http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=6.0%285%29E3&mdfid=277026258&sftType=Intrusion+Prevention+System+%28IPS%29+System+Software&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+IDS+4235+Sensor&treeMdfId=278875311&treeName=Intrusion+Prevention+System+%28IPS%29&modifmdfid=null&imname=&hybrid=Y&imst=N&lr=Y

  • The upgrade IDSM2 and IDS 4235

    I have 12 IDSM2 and 4 IDS 4235 managed through VMS. I configured the automatic download of signature updates but I noticed that S189 was missed.

    Is it possible to apply the latest Service Pack 4.1.5 through VMS? If so, should I just upload the file to the correct directory and apply it as a normal signature update, or what method should I use? I need to centrally manage the update process because my IDS systems are all landlocked.

    Thanks for your help,

    Chiara

    VMS has the ability to push updates to the sensor. Updates include service packs, minor versions and signature updates. You're right in that VMS uses .zip files to update the sensors. If you use the .pkg file, VMS will error when pushing it to the sensor.

    Thank you

  • The upgrade of Cisco IDS 4235

    Currently, we are running 5.1.3 sig 257. I know I'm behind and want to also include DST updates. If I switch to 5.1.4 or 5.1.5, what version will I need in order to upgrade to these Service Packs? Is 5.1.3 sig 257 enough?

    Thank you

    Dwane

    You can go to 5.1(5). The minimum required version for this upgrade is 5.0(1) for users of CLI and IDM. This Service Pack includes the Signature update S272. With regard to IDS/IPS devices, it's always preferable to run the latest versions.

    Kind regards

    Maryse.

  • Error on server IDS 4215 TLS certificate VEI

    IDS 4215 with software version 5.0 does not connect with the IVE and IME server. The error message "IOException when trying to get the certificate: java.security.cert.CertificateExpiredException" is displayed. How can this be solved?

    Hello

    I think it's easy, please go to the CLI and try the following:

    tls generate-key

    Let me know the results!

    http://www.Cisco.com/en/us/docs/security/IPS/6.0/Configuration/Guide/CLI/cliTasks.html#wp1036929

    Mike

  • Memory and the use of the disc on my IDS 4235 sensor & 4250.

    My IDS sensor memory usage shows a use of 99%, and the hard drive is already at 5 of the 15 Gig. Here is the log of "show ver".

    Using 398913536 out of 1980493824 bytes of available memory (99% usage)

    Using 5 out of 15 bytes of available disk space (66% usage)

    - Only the medium and high severity signatures are enabled. Why does the sensor use this much memory?

    - Does the IDS sensor have a database that stores the logs, which causes the hard drive space to be used? (considering that it is managed by IDM)

    - Or is there any other reason why the hard drive is used this much when the drive is new and the operating time is 2 months?

    - Is it the signature update files that took up this large space on the hard drive?

    Hope someone could give me an idea why it is so.

    As I said earlier, there is not a problem with the use of disk space. The memory usage bug is fixed in the 5.X product, not 4.X. However, there are some good bug fixes in the 4.1(4g) engineering patch.

    The real memory usage figure can be determined from the service account by entering the following command:

        bash-2.05$ free
                     total       used       free     shared    buffers     cached
        Mem:       1934076    1424896     509180          0      18284    1214536
        -/+ buffers/cache:     192076    1742000
        Swap:       522072          0     522072

    The "Mem:" line and the "used" column is the amount of memory (in kilobytes) that the "show version" command reports. However, this total includes the "cached" amount.

    So in the example above, the actual memory used is (1424896 - 1214536), or 210360 KB. That is (210360 / 1934076 * 100), or 10.9% of total memory.

  • What version of IDS 4235 does not correspond with the event viewer

    Hello

    I have an IDS with 3.1(3) S37 and the IDS Event Viewer 3.1(1) S37.

    I upgraded the IDS to version 3.1(3) S39 but, after downloading the IDS EV and respective signatures, the IDS EV kept the latest version 1.0000 S37. I didn't get the latest version of signatures S39 (3.1(1) S39).

    Can someone help explain this?

    S39 was an emergency update. In order to get it out as quickly as possible, the Event Viewer update was not included.

    This will be fixed with the S40 update.

  • Adding extension to Interface to 4235 4FE - requirements, warnings?

    I'm running version 4.1(1) S48 on a 4235 sensor.

    I want to monitor two separate subnets in the DMZ with one sensor. 4.1 supports multiple promiscuous interfaces, and it seems that the addition of the 4FE interface card supports this well. Bandwidth is not really a concern; these connections are not heavily used T-1 connections.

    My questions are related to the impact on the sensor. Will there be additional memory/CPU requirements from adding more monitoring interfaces? I noticed that there also seems to be a new plug-in memory available for sensors; I was wondering if this is related?

    From a configuration point of view, I assumed that, for the moment, the same signature settings will be applied to all virtual devices (virtual sensor is equivalent to a physical sensing interface)? That is fine for the current application, but I wonder if different signature settings per virtual sensor will be supported in the future?

    Any reservations, traps, etc. that you can share on the deployment of multiple sensing interfaces would be appreciated.

    Thank you

    Chad

    Traps to keep in mind:

    The 4FE card has four 10/100 ports. The standard onboard sniffing port is a 10/100/1000. So be aware of the 100 Mbps limit on the 4FE's 10/100 ports.

    Since you are dealing with only T1 lines, that won't be a problem for you.

    The performance of the IDS-4235 is based on the total bandwidth of all interfaces combined.

    If I remember correctly, the IDS-4235 performance rating is about 250 Mbps.

    So let's say that you plug in 3 interfaces of the 4FE; then the 3 interfaces could send up to 300 Mbps of traffic and overwhelm the sensor's performance.

    It could be worse if we consider the onboard 1000 Mbps port. So, theoretically, with all 4 FEs plugged in and the onboard sniffing port plugged in as well, you could send 1.4 Gbps of traffic to this 250 Mbps sensor and seriously overwhelm it.

    In your case, connecting only 2 ports limits you to a total maximum rate of 200 Mbps (even lower, since you have T1 connections), so it will not be a problem for you with the 4235's 250 Mbps performance.

    With regard to additional CPU/memory: there is no additional CPU or memory available for the 4235. The additional memory was only for the old 4210 and 4220 models.

    You do not need it anyway. The 250 Mbps performance is based on the provided memory and CPU regardless of the number of interfaces, since it is overall performance and not per-interface performance.

    When version 4.1 is loaded with the 4FE, each of the interfaces is usually assigned to "interface group 0" and is off by default (shutdown). You should make sure that the interfaces you are using are indeed assigned to "interface group 0" and then activate the interfaces that you want to use (no shutdown).

    You are right to assume that version 4.1 supports a single virtual sensor (single set of signature configurations) which is applied to all interfaces.

    Indeed, the virtual sensor is applied to "interface group 0" and all interfaces are placed in group 0. Only group 0 is currently supported, because only a single virtual sensor is currently supported.

    Support for multiple virtual devices / groups is planned for a future release (I could not begin to speculate when that may happen).

    Since a single virtual sensor is used, it is sometimes confusing to determine on which interface things occurred.

    Each event lists the interface on which the packet that triggered the alert was detected. So, for example, with a ping host sweep, the first 4 pings can be seen on one interface but the 5th ping that triggers the alert can be seen on the second interface; this results in the second interface being listed in the alert.

    Marco

  • Prime Collaboration Assurance and Provisioning VM requirements

    We are currently evaluating Prime Collaboration Assurance and Provisioning for our environment. I'm finalizing the VM requirements, but I see conflicting information on the docwiki. Our farm is running VMware 6.0 and I would like to keep it consistent in all areas. Has anyone built Assurance 10.5 and Provisioning on VMware 6.0 and had it working well? I see the information on the docwiki below.

    Assurance (Version 10.5):

    supported versions of VMware ESXi = 4.0, 4.1, 5.0, 5.1, 5.5

    Source: http://docwiki.cisco.com/wiki/Virtualization_for_Cisco_Prime_Collaborati...

    Provisioning (Version 10.5):

    supported versions of VMware ESXi = 4.x, 5.x, 6.x

    On the other hand, the Cisco Prime guide mentioned below shows that small and medium-sized deployments have ESXi 4.1, 5.0 and 5.1

    System requirements - Server and system requirements for the Client

    Prime Collaboration runs on any VMware-certified hardware with ESXi 4.1, 5.0, and 5.1 installed. Large and very large deployment models require ESXi 5.0 or later.

    Source: http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/collaboration/10-5/q...

    Also, the docwiki clearly mentions that Prime Assurance starting with version 11.1 is supported on ESXi 6.0. If this is the case, we run Call Manager 10.5.2 within our environment, and in case we choose to build 11.5 for PCA and PCP, would there be concerns or difficulties integrating with CUCM 10.5? I think not but want to confirm. I would also like to hear thoughts on whether PCP and PCA version 10.5 are supported on ESXi 6.0.

    Thanks in advance!

    I questioned the engineering, marketing and TME teams on the ESXi requirements and they confirmed that the PCA ESXi versions listed are correct for 10.5.  It wasn't until PCA 11.0 came out that they began to test and support ESXi 6.x revisions.

    I have a different point of view on this issue. Why bother running 10.5 when 11.5 is the latest rev for PCP and PCA? 11.5 supports the towers to CUCM 9.0. We had a lot of problems with the 10.x versions (architecture updates, last-minute adds, etc.) and cleaned up issues going forward with 11.1 and later.  It is also not a good idea to get too far behind in revisions from an upgrade point of view.  Unless you use a CUCM 8.x cluster (which I think should be end of support now), you should move to PC 11.1 or a later version.

    Regards

  • Software v4.1 IDS will work on IPS-4200 appliances?

    I understand that the software Cisco IPS 5.0 will run on devices of series IDS-4200 (e.g. - IDS-4235).

    Is the reverse true? Can't I get Cisco IDS 4.1 to run on an IPS-4240 or an IPS-4255?

    Just curious, since I was maybe having to answer the question in house soon...

    Thanks in advance,

    Alex Arndt

    Yes, the 4.1 software runs on the 4240/4255.

  • Network IDS Sensor/system and retrieval of Images

    Ok.. on this page:

    http://www.Cisco.com/Kobayashi/SW-Center/ciscosecure/IDs/crypto/

    Objective: I want to burn an image from the "System and Recovery Images" rather than order a recovery CD for the IDS.

    Questions:

    1. Is it possible, or must you order the recovery CD?

    2. I see that the files under 'System and recovery Images' are in the format tar.pkg. Is this based on Linux or Solaris? Can I use Red Hat Linux to extract this file and then burn it to a CD?

    3. If so, does anyone know how to extract the file?

    -TKS.

    Answers:

    (1) No, you must order the recovery CD.

    (2) There are 2 types of files: System and Recovery.

    The System Images (-sys-) are used only for the installation of sensors that support ROMMON (like the IDS-4215, IPS-4240 and IPS-4255). The sensors supporting ROMMON have no CD-ROM drives, and so the image must be TFTPed to the sensor through ROMMON.

    System Images are used for disaster recovery where the compactflash/hard disk of the sensor has been severely damaged or a new blank compactflash/hard disk was placed in the sensor.

    Recovery (-r-) Images update only the sensor's recovery Partition. They must be installed from a running Application Partition. The .pkg is a special Cisco IDS application-specific extension. There are special methods for unpacking and installing the underlying files.

    In ordinary situations the user will keep their sensor software up to date through the normal upgrade process using major updates (-maj-), minor updates (-min-), Service Packs (-sp-) or Signature updates (-sig-).

    It is only when the effective Partition becomes corrupt that a user must start on the recovery Partition and load a new Application Partition.

    Most users will never update their recovery Partition. Thus, users who purchased the IDS-4235, for example, with the 4.0(1) software will have a 4.0(1) recovery Image. If they later upgrade to 4.1(1) and experience corruption, they can always boot the recovery Partition and reload 4.0(1). If they do not want to go back to 4.0(1), we provide a recovery Image to update the recovery Partition to 4.1(1).

    The only time a recovery CD is really necessary is when the user goes from 3.x to 4.x, because of the drastic change between the 2 versions, or if the recovery Partition has also been damaged, or if you use a blank hard drive.

    (3) I don't think the Recovery or System Images contain the files needed to create a recovery CD. If I remember correctly, additional files were added to the recovery CD to make it bootable, which were not necessary in the system or recovery image since they were based on a sensor that was already running.

  • Update of signature IDS - MC

    Hello

    I am trying to upgrade my IDS 4250 using IDS MC Version 2.01. I downloaded the signature file and placed it in the following directory on the IDS MC server:

    "c:\program files\cscopx\mdc\etc\ids\update.

    I got the following error in the progress viewer when I tried to apply this update using IDS MC.

    Local MC: upgrade

    This package seems to be corrupted, or refused permission to read the file. Please check the update package and try the operation again.

    So, I thought maybe the signature file was corrupted. I re-downloaded the same signature S146 and got the same error. I downloaded the same file using different PCs, but I got the same error.

    I checked the file permissions and everything seems OK. I don't know what else to check.

    Altaf

    Hello Altaf,

    Try to update with the zip file and not the pkg file. Through the IDS MC, you must do so only with the zip file... the pkg file can be used directly when you FTP the signature update to the IDS.

    I hope this helps... all the best...

    REDA

  • Installation of IDS OS on hard disc

    I have an IDS 4230 FE and downloaded the following Cisco software, IDS-42XX-K9-r-1.2-a-4.1-1-S47.tar.pkg, but I am unable to install this on my IDS sensor. Does anyone know how?

    This package will not install on a blank hard drive. It can be used only to convert an existing recovery partition from a running application partition.

    You will need a recovery CD and will have to boot from the CD.

    To get a CD you would need an active Cisco Service for IPS maintenance contract on the sensor, and then you can order the recovery CD for $0.

    Understand that the IDS-4230 is not supported with version 5.0 and higher versions of IPS. It is supported only with IDS 4.1, and is no longer supported for new IDS 4.1 Signature updates.

    I'm not sure it's worth spending your time to get a version 4.1 IDS image running on your IDS-4230 sensor.

    Just make sure it is an IDS-4230 and not an IDS-4235. The IDS-4235 is more recent and is still supported and still receives signature updates.

    You would still, however, need an up-to-date Cisco Service for IPS maintenance contract for the sensor to obtain the latest updates for the sensor.

  • Deployment device 42xx Cisco IDS network taps

    Hi all

    Does anyone have experience deploying IDS 42xx (4235 and 4215) appliances with network taps (e.g. Finisar UTP IT Tap/1)? I have several IDS devices deployed a few months back using the Finisar taps, and thought that it worked fine, until I discovered that I am capturing only one side of the traffic, due to the nature of the taps! It seems that I need to put another network card in the IDS device (a Cisco 4235), but is it possible? Is there a way I can turn on channel bonding or EtherChannel on the 4235?

    The last option, I think, if the ideas above are not possible, is to put in another switch and mirror the two ports from the tap, but that doesn't look good for the final cost...

    Suggestions are most welcomed!

    Thank you

    Kian Wei

    Monitoring network taps with a Cisco IDS device is not officially supported by Cisco.

    That said, however, several customers have successfully deployed with taps.

    Taps, as you've seen, have 2 outputs.

    If a tap is placed on the connection between computers A and B, one of the outputs will be for traffic from A to B, and the other will be for traffic from B to A.

    To analyze the tap, the sensor will need to see both outputs.

    You could do this by connecting the taps to a switch and then spanning the 2 ports to the IDS sensor's monitoring port.

    Or you may be able to use a second interface on the sensor itself.

    The IDS-4235, IDS-4250 and IDS-4215 can be upgraded with a 4-port 10/100 card, for a total of 5 sniffing ports.

    If the connection you are tapping is a 10 Mb or 100 Mb connection, then purchase the 4-port 10/100 card for the sensor and connect the 2 tap outputs to 2 of the ports of the network adapter card.

    NOTE: The sensor combines incoming packets on all interfaces and treats them as if they are part of the same network.

    You just need to place all interfaces in 'Group 0' and select 'no shutdown' on each sniffing interface.

    Here is the part number for the 4-port 10/100 card:

    IDS-4FE-INT=

    Refer to the installation guide for more information on how to install the card and to configure the sensor:

    http://www.Cisco.com/univercd/CC/TD/doc/product/iaabu/csids/csids10/hwguide/index.htm

    Now if what you are tapping is a 1 Gig copper or fiber connection, then you will need to buy a switch to combine the 2 outputs from the taps and span them to the sensor's sniffing port.

    Cisco currently offers no additional copper Gig cards.

    Cisco offers a single-port fiber Gig card (the SX card) for the IDS 4250, but does not support placing 2 of these cards in the sensor.

    Cisco also offers a dual-port fiber Gig card, known as the XL card. The XL card has hardware acceleration for monitoring at faster speeds. However, the XL card does not currently work with taps.

    So if tapping a 10/100 connection then try the 4-port 10/100 card, but if tapping a Gig connection, then you will need a switch to aggregate the 2 outputs.

    What some users have also done is to use the switch and not bother with the tap.

    They connect machine A to the switch and the switch to machine B. Then span the traffic to the sensor's port.
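
The memory-usage answer in the IDS 4235/4250 thread above works out the sensor's real memory use by hand from `free`. The script below is an added example (not from the original posts or from Cisco) that does the same for the old-style `free` layout quoted there, and also reports the figure with buffers subtracted, which matches the `-/+ buffers/cache` row. The function names `sample_free` and `mem_report` are made up for illustration; the sample input is the output quoted in that answer.

```shell
#!/bin/sh
# Added example: recompute real memory use from old-style `free` output,
# as in the IDS sensor memory thread. Function names are illustrative.

# Sample input: the `free` output quoted in the answer (values in KB).
sample_free() {
cat <<'EOF'
             total       used       free     shared    buffers     cached
Mem:       1934076    1424896     509180          0      18284    1214536
-/+ buffers/cache:     192076    1742000
Swap:       522072          0     522072
EOF
}

# mem_report: read `free` output on stdin and print three lines:
#   reported_kb         the "used" column, which includes page cache
#   minus_cached_kb     used - cached (the calculation in the answer)
#   minus_buf_cache_kb  used - buffers - cached (the "-/+ buffers/cache" row)
# Columns are located by header name. Returns 2 if the input has no separate
# "buffers" and "cached" columns (newer procps-ng prints "buff/cache").
mem_report() {
  LC_ALL=C awk '
    $1 == "total" { for (i = 1; i <= NF; i++) col[$i] = i + 1 }
    $1 == "Mem:" {
      if (!("buffers" in col) || !("cached" in col) || !("used" in col)) {
        bad = 1; exit
      }
      total = $(col["total"]); used = $(col["used"])
      buffers = $(col["buffers"]); cached = $(col["cached"])
      seen = 1
    }
    END {
      if (bad || !seen || total <= 0) exit 2
      a = used - cached
      b = used - buffers - cached
      printf "reported_kb=%d pct=%.1f\n", used, used * 100 / total
      printf "minus_cached_kb=%d pct=%.1f\n", a, a * 100 / total
      printf "minus_buf_cache_kb=%d pct=%.1f\n", b, b * 100 / total
    }
  ' || { echo "mem_report: expected free output with buffers and cached columns" >&2; return 2; }
}

sample_free | mem_report
```

On a live system the same function can be fed directly with `free | mem_report`, provided `free` prints separate buffers and cached columns.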
