Sourcefire IPS throughput

Hello.

Cisco states that the Sourcefire 8140 can go up to 6G, the 8250 up to 10G, and the 8360 up to 30G. Are these true values?

Does anyone have real throughput values with the IPS and APPs service licenses? I know that throughput can differ for the same unit in different circumstances, but I'm being advised to buy an 8360 for a 6 Giga flow and I think an 8250 should be sufficient. I expect 20-30% less throughput, not 80% less.

Anyone with experience on that?

Thank you

João Carvalho.

These numbers are the throughput you will get if you run only IPS. Including application control (I guess that's what 'APPs' means) and network discovery would take the expected throughput of an 8140 to 2.5 Gbps.

I suggest to go with one on a 8200 8300 as the former has all but replaced by.

You must work with your security account manager to identify your needs and get a recommendation on which device it should be.

Tags: Cisco Security

Similar Questions

  • SourceFire IPS updates

    We are developing a new firewall with IPS SFP modules in them that will be managed by an application of SourceFire Security Center (1500 series)

    I know that with the old IPS systems, modules would get their signature updates directly. Do they now get their software and signature updates from the Management Server? (This would make things a lot easier.)

    Hello Colin

    Yes, your FireSIGHT Management Center gets all the updates; rules and intrusion policies get updated and redeployed to your probes.

    HTH

    Paul

  • FireSight/SourceFire IPS licenses

    With my package, I received two control + protect licenses. They have no expiration in the licenses part of the UI and were a $0 SKU on the order. I bought only the subscription, no IPS or malicious URL filtering software. However, when I create and deploy intrusion policies, the FireSIGHT UI does not complain.

    Is the IPS component functional based on the control + protect licenses that I received?

    Control / Protect licenses should be assigned to the modules to ensure all features of any other feature licenses.

    It is true that there is not necessarily an error when you did not, but features can fail in more subtle ways depending on how your policies are made.

  • Sourcefire virtual appliance fail open?

    Hello

    Is it possible for a Sourcefire IPS appliance to fail open? I guess this would be a definite no, but I can't find a reference to this anywhere.

    Thank you.

    It is an emphatic "no".

  • SourceFire Cisco

    Hi, does anyone have pros and cons comparing SourceFire IPS (now acquired by Cisco) and running Cisco ASA IPS?

    Thank you, S.

    Hi Philippe,

    The following link might be useful,

    http://www.Cisco.com/Web/about/ac49/AC0/ac1/ac259/Sourcefire.html# ~ FAQs

  • ASA vs Sophos

    We are running a Cisco 5510 and are looking to upgrade. Recently a company salesperson came and gave us a pitch for the Sophos 650 and wanted to sell it to us. I have been using Cisco products for a long time and find them reliable, and I like the command line of the switches, routers, ASA etc.

    They said Sophos is:

    Performance of the service

    60 Gbps firewall throughput

    IPS throughput 16 Gbps

    AV, 5 Gbps throughput

    20,000,000 concurrent connections

    I want my management to go with ASA FirePOWER or the Cisco X series with IPS and other features. But what I understand is that Sophos is small to mid level whereas Cisco ASA is large enterprise. Could you kindly suggest whether sticking with Cisco ASA (a new ASA model) will be a good choice, or whether to go ahead with Sophos? I like the Cisco command line and have networked with Cisco for the last 4 years. All valuable input will be highly appreciated.

    Sorry for the late reply, but I was actually busy with last-minute CCIE studying :)

    I reviewed the links, so my original opinion still stands :)

    - If you look at the NSS Labs Breach Detection report, Sophos is not found while Cisco is high enough

    - If you look at the latest Gartner Enterprise Firewall report, Sophos is quite low, while Cisco is high enough

    - If you look at the latest Gartner IPS report, you will see the same

    Another cool thing with Cisco is this support forum. If you have a problem you have TAC but also Google :) If you Google a Cisco-related problem, you get hundreds of pages of answers. If you do the same for Sophos you'd be lucky if you get 1 or 2.

    I hope this helps! Good luck!

  • Inline device on the virtual machine network

    Hello

    Is it possible with VMware Workstation (v7.1.4) to set up a device that sits inline on the network? I've searched for an answer but have not got any good ideas on how to solve it, if possible. Today I found something called a transparent bridge, but those discussions were about ESXi, which I do not run my VMs on.

    The idea is to implement an IPS that captures the traffic inline (two network cards) and not in passive listening mode with a single network card.

    I will attach a layout for you to get a better view of what I want to implement, but basically this is what I want to do: (router)---([eth2] 3D2500 [eth3])---(switch). Same VM network between router/eth2 and eth3/switch.

    Explanation of the items in the attached layout:

    Router - running with Ubuntu installed on a host.
    3D2500 - running Sourcefire IPS with 4 interfaces: management and two for the inline solution.
    Servers - run Windows XP or Ubuntu.

    The Ethernet settings in the VMX file are as follows:

    ethernet0.present = "TRUE"
    ethernet0.connectionType = "custom"
    ethernet0.wakeOnPcktRcv = "FALSE"
    ethernet0.virtualDev = "e1000"

    ethernet1.present = "TRUE"
    ethernet1.connectionType = "custom"
    ethernet1.wakeOnPcktRcv = "FALSE"
    ethernet1.addressType = "generated"
    ethernet1.virtualDev = "e1000"

    ethernet2.present = "TRUE"
    ethernet2.connectionType = "custom"
    ethernet2.wakeOnPcktRcv = "FALSE"
    ethernet2.addressType = "generated"
    ethernet2.virtualDev = "e1000"

    ethernet3.present = "TRUE"
    ethernet3.connectionType = "custom"
    ethernet3.wakeOnPcktRcv = "FALSE"
    ethernet3.addressType = "generated"
    ethernet3.virtualDev = "e1000"

    ethernet0.vnet = "VMnet4"
    ethernet1.vnet = "VMnet4"
    ethernet2.vnet = "VMnet2"
    ethernet3.vnet = "VMnet2"

    Does anyone have a good idea how to fix this?

    Best regards

    Carpet

    screenshots don't make sense

    vmnets are hubs - they don't have any IP address by themselves

    If you assign the virtual Ethernet card to a vmnet, you actually plug in a cable that connects the Ethernet card to the selected hub.
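
Following the hub explanation above, an inline sensor only sees the traffic if its two inline ports sit on different vmnets (router plus one port on one, the other port plus switch on another). The check below is an added example, not part of the original posts; the function names, the choice of ethernet2/ethernet3 as the inline pair and ethernet0 as management are assumptions.

```python
import re

# Constructed sample: the adapter-to-vmnet mapping from the post above.
POSTED_VMX = """
ethernet0.present = "TRUE"
ethernet0.vnet = "VMnet4"
ethernet1.present = "TRUE"
ethernet1.vnet = "VMnet4"
ethernet2.present = "TRUE"
ethernet2.vnet = "VMnet2"
ethernet3.present = "TRUE"
ethernet3.vnet = "VMnet2"
"""

# Matches lines such as: ethernet2.vnet = "VMnet2"
LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"([^"]*)"\s*$', re.I)


def parse_adapters(vmx_text):
    """Return {adapter: {key: value}} for every ethernetN.* line."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = LINE.match(line)
        if m:
            adapters.setdefault(m.group(1).lower(), {})[m.group(2).lower()] = m.group(3)
    return adapters


def check_inline_pair(vmx_text, side_a, side_b, mgmt=()):
    """List problems that keep side_a/side_b from forming an inline path."""
    nics = parse_adapters(vmx_text)
    problems = []
    for nic in (side_a, side_b, *mgmt):
        if nics.get(nic, {}).get("present", "").upper() != "TRUE":
            problems.append(f"{nic}: adapter missing or not present")
    seg_a = nics.get(side_a, {}).get("vnet")
    seg_b = nics.get(side_b, {}).get("vnet")
    if not seg_a or not seg_b:
        problems.append("inline pair has an adapter without a vnet")
    elif seg_a.lower() == seg_b.lower():
        # Both ports on one hub: the router and switch see each other directly.
        problems.append(f"{side_a} and {side_b} share {seg_a}")
    for nic in mgmt:
        seg = nics.get(nic, {}).get("vnet", "")
        if seg and seg.lower() in ((seg_a or "").lower(), (seg_b or "").lower()):
            problems.append(f"{nic}: management is on inline segment {seg}")
    return problems
```

Run against the posted mapping, `check_inline_pair(POSTED_VMX, "ethernet2", "ethernet3", mgmt=("ethernet0",))` reports that both inline ports share VMnet2.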

  • Need more technical details on IPS 4250XL and IPS-4255

    The 4250XL IDS launched before the IPS technology, am I right?

    Can I deploy a 4250XL IDS as an IPS? If yes, is it right to upgrade it from IDS version 4.1 to IPS version 5.0?

    I add 4 10/100/1000BaseT ports on the IDS 4250XL.

    Because I have to deploy IPS at 1 Gbps throughput,

    and I could not find an IPS from Cisco that will deliver 1 Gbit/s with 4 10/100/1000BaseT ports.

    How many simultaneous sessions does the IPS 4200 series support?

    How can I use the Redundant Power Supply feature on the IPS-4255?

    The 42xx technical documentation is linked off of http://www.cisco.com/go/ips. I don't know if IPS 5.0 information is there yet (it's kinda new). There is no RPS option for the 4240/4255, but the use of a UPS would be justified for line conditioning if you have unreliable power.

    There is no provision for failover in the sensor (other than bypass mode), but there are designs (I hope linked off the page that I mentioned above) for doing active/standby network designs.

    The 4240 and 4255 do not have redundant storage... they have no HDD due to reliability problems. They run a flash and ram disk configuration.

  • IPS module for Cisco 3925 router?

    Hello

    To be HIPAA compliant our company must have an IPS device. I was looking into it and I came across this router module (see link below). We have around 200 users behind the router and we have 2 locations with a similar setup. This module meets our requirement to have a decent IPS solution; my concerns are: will it be able to support a corporate network? What factors should I take into account when finalizing an IPS device?

    http://www.Cisco.com/c/en/us/products/collateral/routers/1841-integrated...

    Any idea is appreciated.

    The network modules and all the 'old' Cisco IPS devices, modules and software are end-of-sale. Here's the announcement confirming that for these specific modules.

    For a modest requirement like yours, I recommend a small ASA 5500-X series running in transparent mode with the FirePOWER services module running the IPS feature. It is less intrusive to your network ("bump in the wire") and only costs you for the features it offers. The exact model would mainly depend on your current and projected throughput, but for up to 50 Mbit/s with an active IPS policy you would be fine with the smallest model (ASA 5506-X).

    Find a Cisco partner, who has a security practice in your area. They can advise you on the details and provide a quote.

  • Custom sigs IPS on IPS solution will END (ASA - CX)?

    Hi people,

    I am trying to determine if it is possible to create custom IPS sigs on the ASA-CX module. Not the legacy ASA + IPS combo, but the ASA + ASA-CX combo (Application detection, IPS, Web filtering).

    I couldn't find anything in the doc that says that this is possible.

    Thank you!

    Neil

    No, these features are not available with the EPI FINIRONT. Cisco currently recommended as the classic IPS (ASA autonomous device module) for customers who need this capability.

    Expect this to change significantly in the coming year, though, as more of the SourceFire technology is integrated into the ASA product line.

  • FireSIGHT license - ASA IPS

    Hello

    I am currently installing a FireSIGHT virtual appliance to manage 2 ASAs with FirePOWER services installed.

    My Defense Center is appropriately licensed, using the PAK key I got.

    I bought 2 IPS subscription licenses for the two ASAs.

    I have configured the manager on both Sourcefire devices and added them to the Defense Center.

    Now, my problem is: I can't assign any IPS policy because there seem to be no licenses installed on the Defense Center to be applied to the devices...

    My question is: do I have to buy additional licenses for the Defense Center for the IPS features (Protection), or did I miss something here? :-)

    Thank you very much

    Kind regards

    Hello

    As Marvin commented, you will have a CTRL license "ASA5525-CTRL-ICA" accompanying the device through a claim certificate. On the certificate, you should see a PAK number and steps to register to get the license. Please follow these.

    If you have purchased a = L - ASA5525 - TA - LIC, then that gives you the right to obtain signature updates for CONTROL-PROTECT features. There is no PAK or license for this PID.

    -DD

  • SourceFire search individual URL

    Hello

    We are deploying SourceFire, and I was asked to try two specific reporting/search tasks. We just went to 6.0.0.0 if that makes a difference.

    Basically, what we are trying to find is the following:

    (1) enter a user and find all URLs/IPs accessed

    (2) enter a URL and find all the users who have accessed this URL (ideally on a specific calendar)

    I tried for a few hours, but could not get either one to work properly. Any ideas?

    Thanks in advance,

    Hello

    Try the search under Analysis > Connections: click on Edit, then search for the initiator IP you are looking for. For the URL, on the left of the search tab you have a URL option.

    Kind regards

    Aastha Bhardwaj

    Rate if this is useful!

  • FW v/s IPS

    Hi, on our production site we installed an ASA 5505, but the ASA 5505 does not support the IPS feature. Can I know why we need the IPS feature when we can handle all the traffic to and through the firewall? Can you please show the difference in terms of layers, i.e. what type of layer traffic the IPS supports, and the FW too... Thank you

    It all depends on the firewall. Today most commercial firewalls offer some "deep packet inspection" (marketing term). So the IPS and the firewall now both go all the way up to Layer 7. However, the protection offered by the firewall usually covers just basic attacks and anomalies. And generally, enabling this feature reduces the performance of the firewall very considerably, sometimes even reaching 10 times lower than the regular performance (throughput, connections per second etc.).

    Regards

    Farrukh

  • Two IPS devices with the same UUID

    I have two Sourcefire\Cisco IPS sensors deployed which have been identified as having the same UUID. As you can imagine, this is causing all sorts of issues. Has this ever been seen before, and if so is there a solution?

    -------------------[ SENSOR 1]--------------------

    Model: 3 D 7120 (63) Version 5.4.0.4 (Build 55)

    UUID: 46ffa0d8-4907-11e4-8669-d32acdb6a95e

    Version VDB: 258

    ----------------------------------------------------

    ------------------[ SENSOR 2]-----------------

    Model: 3 D 7120 (63) Version 5.4.0.4 (Build 55)

    UUID: 46ffa0d8-4907-11e4-8669-d32acdb6a95e

    Version VDB: 258

    ----------------------------------------------------

    I've not seen this before.

    I guess you have to remove the two sensors, reinstall their software and add to the Management Center.

