New IPS Appliance

I have seen on the Cisco web site about the new IPS device, which seems to be different from the IDS devices. Unfortunately, there isn't much information about these devices. My question is: Is this device a proper IPS device, which means does it work by operating in-line, perform true protection, discarding all suspect packets immediately and blocking the remainder of that flow? Or is it marketing FUD created by Cisco by using the same technology as IDS, which will reset, drop or put an access-list or shun on the host?

2 Replies

gfullage
Cisco Employee

It is a true inline device, stopping attacks before they begin. They will run the new IPS v5.0 software that the current IDS 4215 and 4250 models will also be able to run, turning them into true IPS devices also (if you want them to be, they can continue as IDS only if you like also). You can read a bit more about it here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_data_sheet09186a008014873c.html

Just a few small clarifications.

The IPS-4240 and IPS-4255 devices were designed for doing true IPS (dropping the attack packets).

They are designed with multiple interfaces required for doing IPS (requires inline monitoring which requires a minimum of 2 monitoring interfaces for each link being monitored).

The memory and CPU configurations were also chosen with an understanding of what would be needed for IPS monitoring (IPS monitoring is more CPU and memory dependent than IDS monitoring).

However, as gfullage mentioned, the IPS feature is also dependent on the IPS v5.0 software.

The IPS-4240, IPS-4255, and the IPSv5.0 software were originally scheduled to ship at close to the same time.

But because of delays in IPSv5.0, the IPS-4240 and IPS-4255 are being shipped earlier with the older IDSv4.1 software.

So the IPS-4240 and IPS-4255 can be purchased now in preparation for release of the v5.0 software that will have the features you desire.

The ability to drop the packets is dependent more on the software than on the hardware.

With the IPS-4240 and IPS-4255 running this older 4.1 software, they are limited to the v4.1 features (the TCP reset and shunning/blocking).

So you will have to wait until the release of the v5.0 software to get the IPS features that allow dropping of the actual attack packet.

NOTE: The IPSv5.0 software is being primarily designed for IPS monitoring (inline monitoring with the ability to drop the attacks), but can be run in an IDS mode (promiscuous monitoring limited to TCP resets and shunning/blocking).
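The practical difference the two replies describe (inline mode can drop the attack packet itself and the rest of its flow; promiscuous mode only sees a copy and can react after the fact with a TCP reset or a shun) is easiest to see in a small model. The following is an added toy simulation written for this thread; it is not Cisco code and not from either reply. The hosts, the byte-pattern "signature", the traffic and the immediate shun push are all constructed assumptions.

```python
"""Toy model of inline (IPS) vs promiscuous (IDS) sensor placement.

Constructed example, not Cisco code. The signature, hosts and payloads
are made up to show what each mode can do about an attack packet.
"""
from dataclasses import dataclass

# Constructed signature: a byte pattern the sensor looks for in payloads.
SIGNATURES = {b"EVIL_PATTERN": "constructed-sig-1"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes

    @property
    def flow(self):
        # Flow key; a real sensor would use the full 5-tuple.
        return (self.src, self.dst)


def match_signature(pkt):
    """Return the matching signature name, or None."""
    for pattern, name in SIGNATURES.items():
        if pattern in pkt.payload:
            return name
    return None


class InlineSensor:
    """Inline (IPS) mode: the sensor sits in the forwarding path with one
    monitoring interface on each side of the link, so every packet must pass
    through it. It can drop the attack packet itself and every later packet
    of the same flow."""

    def __init__(self):
        self.blocked_flows = set()
        self.dropped = []

    def forward(self, pkt):
        """Return the packet to deliver, or None if it is dropped."""
        if pkt.flow in self.blocked_flows or match_signature(pkt) is not None:
            self.blocked_flows.add(pkt.flow)
            self.dropped.append(pkt)
            return None
        return pkt


class PromiscuousSensor:
    """Promiscuous (IDS) mode: the sensor sees a copy (SPAN port or tap).
    The original has already been forwarded, so the only responses are
    after the fact: a TCP reset to both ends, or a shun (an ACL pushed to a
    router or firewall) that blocks later packets from that source."""

    def __init__(self):
        self.shunned_sources = set()
        self.resets_sent = []

    def inspect_copy(self, pkt):
        if match_signature(pkt) is not None:
            self.resets_sent.append(pkt.flow)
            self.shunned_sources.add(pkt.src)


def run_inline(packets):
    """Deliver traffic through an inline sensor; returns (payloads, sensor)."""
    sensor = InlineSensor()
    delivered = []
    for pkt in packets:
        out = sensor.forward(pkt)
        if out is not None:
            delivered.append(out.payload)
    return delivered, sensor


def run_promiscuous(packets):
    """Deliver traffic past a promiscuous sensor; returns (payloads, sensor).
    Assumes the shun ACL takes effect before the next packet arrives, which
    is the best case for this mode."""
    sensor = PromiscuousSensor()
    delivered = []
    for pkt in packets:
        if pkt.src in sensor.shunned_sources:
            continue                     # edge device enforces the shun
        delivered.append(pkt.payload)    # packet is forwarded regardless...
        sensor.inspect_copy(pkt)         # ...and the sensor only gets a copy
    return delivered, sensor


# Constructed traffic: the second packet is the "attack".
TRAFFIC = [
    Packet("10.0.0.5", "10.0.0.80", b"GET /index.html"),
    Packet("10.0.0.9", "10.0.0.80", b"GET /a?q=EVIL_PATTERN"),
    Packet("10.0.0.9", "10.0.0.80", b"follow-up data"),
    Packet("10.0.0.5", "10.0.0.80", b"GET /about.html"),
]

if __name__ == "__main__":
    inline, _ = run_inline(TRAFFIC)
    promisc, s = run_promiscuous(TRAFFIC)
    print("inline delivered:     ", inline)
    print("promiscuous delivered:", promisc, "resets:", s.resets_sent)
```

Running it shows the inline sensor delivering only the two benign requests, while the promiscuous sensor delivers the attack packet to the server and can only stop the attacker's follow-up traffic; if the shun push or the reset lagged by even a few packets, more of the flow would get through.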
