Re: IPS Feature on Select Routers and Firewalls

eholyst01 · ‎05-15-2012

My first question is what is the difference in the IPS feature on a RVS4000 router and a SA 500 series firewall when the rvs4000 does not require a yearly sub and the sa 500 series does?

Also is there currently a cisco product that does IPS and can handle a 50Mbps connection without trottling it?

doug_counsil · ‎05-15-2012

RVS4000

IPS signatures are generic
IPS signatures are not configurable at all
IPS signatures are updated roughly around once a year
IPS is a free feature
Turning on IPS is resource intensive and brings your maximum throughput down to roughly ~22 Mbps

SA500 Series Routers

IPS signatures are less generic
IPS signatures are configurable in the sense that you can ignore, track, or track and act upon the each signature individually
The IPS signatures are updated roughly around four times a year
IPS is a paid for feature
Turning on IPS is resource intensive and brings your maximum throughput down to roughly ~22 Mbps

ASA and Above Routers

IPS signatures are robust
IPS signature are completely configurable for the most part
The IPS signatures are updated roughly once a week
IPS is a paid for feature that requires an extra piece of hardware
Turning on IPS is resource intensive and but depending on the extra piece of hardware you purchase the sky is the limit in regards to throughput!

I hope this helps. Anyone feel free to correct me if I'm wrong.

eholyst01 · ‎05-15-2012

So in looking at cdw.com website for the asa5505 is the firewall edition bundle is that what would be considered the IPS featured firewall then?

doug_counsil · ‎05-15-2012

You just surpassed my level of expertise. You need to ask this very question in the following forum:

https://supportforums.cisco.com/community/netpro/security/intrusion-prevention?view=discussions

Good Luck!

cindy toy · ‎05-16-2012

I have moved this post from Small Business Security to the current location.

Regards,
Cindy Toy
Cisco Small Business Community Manager
for Cisco Small Business Products
www.cisco.com/go/smallbizsupport
twitter: CiscoSBsupport

Regards, Cindy If my response answered your question, please mark the response as answered. Thank you!

Todd Pula · ‎05-18-2012

For the ASA 5505, you will need to look at a bundle that inclues the SSC-5 IPS hardware module. The link below provides additional details regarding the various bundles and SKUs available.

http://www.cisco.com/en/US/customer/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_bulletin_c25-528621_ps6120_Products_Bulletin.html

eholyst01 · ‎05-19-2012

Ok so take newegg for example they have several of these under 1k but I am not sure other than users what makes them different.

http://www.newegg.com/Product/Productcompare.aspx?Submit=ENE&N=-1&IsNodeId=1&Description=asa%205505&bop=And&CompareItemList=-1|33-120-073^33-120-073-02%23%2C33-120-076^33-120-076-S01%2C33-120-072^33-120-072-08%23%2C33-120-135^33-120-135-TS

Users would be IP addresses that it is talking to on the local network that it considers users?

Also the link you showed me refers to a "K8" and "K9" for both the 50 and unlimited user bundle. Then the unlimited user one has a security plus license bundle. These security plus things those are part of the software that would run on the users machines? like the trend micro application?