04-25-2007 01:04 PM - edited 03-10-2019 03:34 AM
Hi,
We have installed an IPS 4215 with VMS 2.3.
Since upgrading to ver 6 of IPS I lost some functionality of the Management Console. Could not re-import the IPS sensor.
I have since found out that ver 6 is no longer supported with MC and we need to upgrade to CSM 3.1. That is not too bad but now VMS has gone altogether from the server (after installing CSM 3.1) and we have no reporting at all. I see the only solution to this is to purchase MARS, a very large cost for only one PIX and one IPS sensor.
My questions are:
Why should we upgrade to ver 6, how long is ver 5 going to be supported?
Is there any other way I can get some reporting or monitoring other than MARS? We could use syslog but that is not very functional.
Thank you
Scott
04-25-2007 02:57 PM
I have another question.
Is it possible to run CSM and VMS on the same server?
We still want to use VMS to monitor a PIX.
04-26-2007 04:40 AM
It's not a good idea to try and run VMS on a server with anything else. VMS is slow enough without having another application competing for resources.
04-26-2007 05:42 AM
"Why should we upgrade to ver 6, how long is ver 5 going to be supported? "
It sounds like maybe you shouldn't. The v6 software offers some new functionality, most promising IMHO is passive OS detection and anomaly detection.
As you already noted in another post, you can use the IEV software to monitor events. It looks very similar to the VMS event viewer.
04-26-2007 08:28 AM
In addition to MARS and IEV already discussed, there are other third party tools that can access the SDEE and RDEP output from the Cisco IDS devices and do correlation.
I'm not sure of the appropriateness of discussing them here, so won't go into detail... but it should be acceptable to just note that they do exist; email me if you want to know some more about some of the ones we have looked at.
Thanks!
...Nick
04-26-2007 09:24 AM
There is no offical word from Cisco on the End of Life date of 5.x, but typicaly, Cisco will keep 5.x alive for 18 months after releasing 6.x. Since 6.x was released in November, most folks are planning to be forced into a 6.x migration sometime around May 2008. 5.x will still work after that date, like 4.x and 3.x still do, but Cisco will stop producing signature updates for that version.
04-26-2007 10:33 AM
AS for your question about IPS ver 5 support.
IPS ver 5.1 will continue to be signature update supported until at least June of 2008.
And it will likely be longer than even that.
The official end date of signature update support will not be determined until an official End Of Sale announcement is made, and that has not happened as of yet.
So you can stay with 5.1 for quite a bit longer if you like.
Others have already posted some of the available options for configuration and monitoring.
One option that was not mentioned is to re-install VMS and use the Security Monitor within VMS to do your monitoring. Security Monitor will still work with IPS 6.0. It is just the IPS Management Center of VMS that can not configure an IPS 6.0 sensor.
For configuration you could then either install CSM 3.1 on a separate box, or since you only have one sensor just use IDM for managing the sensor configuration.
05-08-2007 11:12 AM
Marcoa,
Back in December you responded to a post on this topic with the following information, "SecMon monitoring an IPS version 6.0 was tested. The existing SecMon version Can monitor IPS 6.0, but will only show the fields in the alerts that existed in IPS 5.1. SecMon will not show the new fields that are only seen in IPS 6.0. "
Does this caveat still hold true? Thanks for your continued support.
Regards,
Chad
05-08-2007 12:58 PM
Yes,
It was also tested with IPS 6.0(2)E1 as well, and the same still holds true.
SecMon can monitor it, but only shows the alert fields that were available in 5.1 sensors.
08-09-2007 01:50 PM
Installed CSM 3.0.1 and tried to add devices with IPS 6.0 and failed.
Anyone had this problem?
08-09-2007 01:55 PM
You need to use 3.1.
Otherwise it should work.
Scott
08-09-2007 01:56 PM
Check your version of CSM
CSM 3.0.1 does Not support IPS 6.0
CSM 3.1.0 Does support IPS 6.0
Very easy to confuse the 2 versions.
08-09-2007 02:02 PM
Thanks! I will try that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide