cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

261
Views
9
Helpful
1
Replies
Highlighted
Beginner

IDS4210 Upgrade

I am using IDS4210 with ver4.1 with 512MB memory.Can I upgrade to ver5.If I upgrade to 5 does it will work as IPS?.If not is there any other advantage on ugrading to ver5.

Thnks in advance

1 REPLY 1
Highlighted
Rising star

The official Cisco position is that a 4210 will not work as an IPS.

Looke here:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_guide_chapter09186a008043d783.html

and here

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_qanda_item0900aecd8029e8de.shtml

A few excerpts from the second link:

Q. We have a Cisco IDS 4210 Sensor. Will the new software run on it, and what would be needed to manage the device with the new software?

A. Cisco IPS 5.0 software supports the 4210. Inline functionality, however, is not supported on the Cisco IDS 4210 Sensor.

Q. Will an existing Cisco IDS 4200 Series Sensor be able to provide the Inline packet monitoring with version 5 software?

A. The answer depends on the specific sensor and added cards. The sensor must be supported in version 5.0, and must contain at least two sensing interfaces that can be paired together for an inline interface pair. Cisco IDS 4210 is supported in version 5.0, but contains only one sensing interface. Cisco IDS4220 is not supported in 5.0 IDS and 4230 is not supported in 5.0, but IDS 4235 is supported in 5.0 Inline if the 4FE card is installed, or if a single-Gig TC PCI card is installed. Cisco IDS 4250 is supported in version 5.0 Inline if the 4FE, Gig TX PCI card, two of the SX PCI cards, or the XL card is installed. Cisco IPS 4240 is supported in version 5.0, Inline supported (it has four sensing interfaces). IPS 4255 is supported in version 5.0, Inline is supported (it has four sensing interfaces). IDSM-2 is supported in version 5.0, Inline supported (it has two sensing interfaces). NM-CIDS is supported in version 5.0, Inline not supported (only one sensing interface).

The best reason to still upgrade to 5.0 on a 4210 is performance. I saw false positives practically disappear, fewer malicious attempts got through and it is a lot harder to evade.

I also seem to recall seeing people claiming to have added a second interface on a 4210 to make it an in-line device and was able to get it to work but not 100% sure.

Anyone else with some input?

Hope this helps.

Please remember to rate all replies

Content for Community-Ad