I have 3 x 4010 sensors monitoring the edge between the internal LAN and the DMZ.
I'd moved all 3 4010 sensors to software version 7.1. All 3 sensors share a common policy and configuration, and all 3 are deployed back-to-back with Websense appliances (2 sensors together, 1 in smaller office)
Of those 3, one of them (the one in the smaller office) has given me an incredibly hard time, conflicting with Websense appliances. Even with no resets configured in the IPS policy, the websense appliances constantly report "connection reset by peer" errors if the sensor is active..the problem goes away if the sensor is in L2 mode.
The problem seems to have started with the os 7.1 upgrade, and wasn`t present with 6.1.
I can't find much in terms of behaviour changes with OS 7.1 vs 6.1, that would cause this behaviour.
I've also heard that 7.1 is the end of software for I series sensors, with 7.5 being M-Series only, because 7.5 code is just too "heavy" for the I series sensors...
So, if 7.5 will definitly be too heavy for I series sensors, could 7.1 being pushing my 4010`s the limit (just barely not-quite-too-heavy)?
Am I better leaving them @ 6.1, and deploying my M-Series sensors to more sensitive network locations?