IOS IPS -- SDM locks up when changes applied

Similar Messages

• RV042G web console locks up when changing log settings (4.2.2.08)

  Anyone experiencing this issue ? Seems that when I change a log setting like enabling Incoming Log, I can logout but can no longer log in. The web interface hans after logging in and eventually times out. The only workaround is to reboot the router.
  I'm running the latest FW 4.2.2.08.

  Anyone experiencing this issue ? Seems that when I change a log setting like enabling Incoming Log, I can logout but can no longer log in. The web interface hans after logging in and eventually times out. The only workaround is to reboot the router.
  I'm running the latest FW 4.2.2.08.

• IOS IPS Automatic Signature Update

  I will use cisco1941w.
  I'd like to know, how to configure at CLI and where is the URL.
  Is the bellow correct?
  CLI
  Router(config)# ip ips auto-update
  Router(config-ips-auto-update)# occur-at 0 0-23 1-31 1-5
  Router(config-ips-auto-update)# url https://www.cisco.com/cgi-bin/front.x/ida/locator/locator.pl
  Router(config-ips-auto-update)# username XXX password XXX
  URL
  https://www.cisco.com/cgi-bin/front.x/ida/locator/locator.pl

  Hello,
  A. Hete is what the six files do:
  • ios-ips-sigdef-default.xml: contains all the factory default signature definitions
  • ios-ips-sigdef-delta.xml: contains signature definitions that have been changed from the default
  • ios-ips-sigdef-typedef.xml: is a file that has all the signature parameter definitions
  • ios-ips-sigdef-category.xml: has all the signature category information, such as category ios_ips basic and advanced
  • ios-ips-seap-delta.xml: contains changes made to the default SEAP parameters
  • ios-ips-seap-typedef.xml: contains all the SEAP parameter definitions
  B. So the signature file (.pkg) is decompressed into these files and then 'idconf' loads them in memory.
  Hence to copy signature database of one router to the other, we need to copy atleast first 4 files.
  You only need to distribute the SEAP configuration if you modified any of the Signature Event Action Override configuration:
  We do not have one single file that contains all the signatures.  The signature package is installed in a certain way.
  Hence we will need atleast first 4 files to copy of signature database from one router to the other.
  C. Secondly, I dont know if auto-update will accept a file in .xmz package, I have not tested this.
  But I am guessing it will look for a .pkg file and decompress it.
  With copying a .xmz file, you may have to manually load it into memory using 'idconf' command.
  D. Hence there is no one single configuration file that you copy off the external ftp server.
  I guess, the only thing you can do is to have different routers update signatures at different times to reduce load on the network.
  It is also not necessary to check for signature updates every hour.
  Normal rate of adding new signature releases is every few days, so even if you check around once a day that should be ok.
  Sid Chandrachud
  TAC Security Solutions
  Customer support engineer

• IOS IPS and SDM 2.2.a

  Hello everybody!,
  I have installed a Cisco 2821 Router with 12.4(4)T IOS version. And SDM V2.2.a. (enteprise service IOS image).
  The router have 256MB Ram and 64MB flash memory.
  From the SDM Interface cannot upload any .sdf file and cannot edit the signatures and tune de IOS IPS.
  Do you know how i can fix that problem?.
  Thanks for the answers friends.

  Hi,
  To add more info, here is the info on defect filed on SDM for RCP issue and workaround suggested.
  Symptoms:
  Issue 1) Installation of SDM version 2.2a or earlier on a router fails with RCP failure message.
  Issue 2) "Load File from PC" feature of File Management dialog in SDM version 2.2a or earlier
  fails.
  Conditions:
  These issues will be encountered for IOS images 12.4(4)T and above.
  SDM uses RCP for installation operations. This problem occurs because the fix for CSCdu34824 in
  recent Cisco IOS releases has changed RCP behavior. Because of this change, if the RCP client
  uses a non-privileged port , the router RCP server does not respond and the above issues occur.
  Workaround:
  1) For Issue 1 :- Use the copy tftp flash command to copy SDM related files from PC to router.
  2) For Issue 2 :- Use the copy tftp flash command to copy the required file from PC to router.

• When to apply SPAU changes in succeeding sap servers?

  Hi,
  We have finished applying patches in our development server and we have some SPAU trnasports generated.  Now when we apply the patches in the Test server, when is the right time to import the SPAU transports? 
  should it be
  (a) before the patch?
  (b) when SPAU is prompted?
  (c) after the patch queue is confirmed?
  thanks,
  kbas

  Hi All,
  the correct way to hadle modificaton adjustments is as follows.
  1) You are applying SP's in your DEV system.
  2) It would stop at SPDD. Now perfrom the SPDD and lock the changes in the SPDD transport request(TR).
  3) In the same SPDD screen, click on the button "SELECT FOR TRANSPORT" . The button may change in systen with higher release. It would be "ASSIGN TRANSPORT".
  4) Once this button is clicked, assign the transport and click the tick mark. It will ask you the transport is for SP import or upgrade. Click on SP import.
  5) Now the intresting part is once this transport is assigned as SPDD here, a file called umodauto.lst will be crreated in the <DIR_TRANS>/tmp directry with an entry for SPDD transport request. Same should be donw wth SPAU tr also.
  6) No finish off the SPDD in DEV
  7) I n QAS when you will be defining the queue , then you will be prompted to include the adjustment modification request . Now you will have only the option to slect the TR which the SPAM tool would read from the   umodauto.lst file. Includue the TR .
  8) Your SPDD adjustments will be automatically handled in QAS.
  Never import a TR at SPDD phase in a QAS system. This will damage the SPAM tool internally.
  SPDD should be hadled or automatically adjusted when it is prompted. If skipped, then the customer modifications will be lost completley and SAP standard will take over. SPAU can be handled after the upgrdae or SP activity.  SPAU will incluse repoositary objects .So we can juggle with the versions as version management is present . So nothing is lost.
  If you want to know how to handle modifications during the upgrade , check the link
  http://scn.sap.com/docs/DOC-44106
  i will create one for SP import also shortly.
  Cheers,
  Varun.

• When I go to System Preferences Network "Click the lock to make changes",... it ALWAYS UNLOCKED.   That is even if I have locked it before last shutdown. Should it not stay locked until I unlock it again as administrator?

  When I go to
  System Preferences > Network > "Click the lock to make changes",...
  It is ALWAYS UNLOCKED.
  That is even if I have locked it before the last shutdown.
  Should it not stay locked until I unlock it again as administrator?
  PJ  (Pjflyer)

  From the menu bar, select
   ▹ System Preferences... ▹ Security & Privacy ▹ General
  If there's a closed padlock icon in the lower left corner of the preference pane, click it and authenticate to unlock the settings. Enter your login password when prompted.
  Click the Advanced button and check the box marked Require an administrator password to access locked preferences in the sheet that drops down. Then click OK.

• How to Fire Trigger, when changes are applied on destination??

  Hi,
  I want to fire the following trigger at destination, when changes are applied from source table (cms.test_2) to destination table(cms.test_2).
  create or replace trigger Ins_and_upd
  after insert or update of send_status on cms.test_2
  declare
  begin
  update cms.test_2
  set RECEIVE_STATUS = 'YES'
  where UPPER(send_status)=upper('YES');
  end;
  Thanks,
  faziarain

  I am using oracle10g stream replication, and database version is "10.2.0.1.0".
  Basically I have 2 machines named:
  --> Site#1_DB ----> Having Table TEST_2 -----> Columns (BID,DBID,Send_Status,Receive_Status,Final_Status).
  --> Center_DB ----> Having Table TEST_2 -----> Columns (BID,DBID,Send_Status,Receive_Status,Final_Status).
  My Senario example is following:
  At Site#1_DB TEST_2 Table contains the following data:
  TEST_2 is updating and set the YES value in "Send_Status" column, and this change will replicated to Center_DB TEST_2 table.
  BID----------DBID----------Send_Status----------Receive_Status----------Final_Status
  1----------2----------YES----------NULL----------NULL----------NULL
  2----------3----------YES----------NULL----------NULL----------NULL
  3----------4----------YES----------NULL----------NULL----------NULL
  4----------5----------YES----------NULL----------NULL----------NULL
  At Center_DB TEST_2 Table contains:
  In My Senario changes are successfully replicated at Center_DB TEST_2 Table and after replication
  Test_2 table is same on both machines.
  But Now I want to write my given trigger at Center_DB and this trigger will be fired when changes are replicated
  from Site#1_DB to Center_DB.
  BID----------DBID----------Send_Status----------Receive_Status----------Final_Status
  1----------2----------YES----------NULL----------NULL----------NULL
  2----------3----------YES----------NULL----------NULL----------NULL
  3----------4----------YES----------NULL----------NULL----------NULL
  4----------5----------YES----------NULL----------NULL----------NULL
  Output After Firing the trigger at Center_DB:
  BID----------DBID----------Send_Status----------Receive_Status----------Final_Status
  1----------2----------YES----------YES----------NULL----------NULL
  2----------3----------YES----------YES----------NULL----------NULL
  3----------4----------YES----------YES----------NULL----------NULL
  4----------5----------YES----------YES----------NULL----------NULL
  Thanks,
  Faziarain.
  Edited by: [email protected] on Mar 30, 2009 10:00 PM
  Edited by: [email protected] on Mar 30, 2009 10:17 PM
  Edited by: [email protected] on Mar 31, 2009 3:48 AM

• Which interface to apply IOS IPS

  Hello,
  I have IOS IPS installed on 4 routers on our network at different sites.  They are 2911 routers, with 2GB ram and i am using the latest signatures from cisco.  Everything is working fine.  I have enabled the basic signatures.  At the moment the ips policy is only applied to the wan interface and not the lan. So in summary:
  interface serial0/0     (wan link)
  ip address x.x.x etc
  ip ips mypolicy in
  ip ips mypolicy out
  exit
  According to cisco i should not bother applying ip ips mypolicy out on the wan interface (serial0/0) but should have ip ips mypolicy in on the fa0/0
  lan interface aswell as the serial0/0 interface.
  interface fa0/0          (lan traffic)
  NO IPS POLICY IN HERE AT THE MOMENT
  anyone got experience on this?
  regards
  Kevin

  Hi Kevin,
  I would say that you have done the right thing, since router are limited in memory we should not enable a lot of signatures and also try to limit the scanning to traffic that we actually need to be scanned.
  In what you have done any traffic that in entering or leaving the WAN interface will be scanned.
  Now if there are more interfaces on your router and you want the traffic between the interfaces to be scanned as well in that case only you should enable IPS on those interfaces.
  Most of the times it is not needed.
  Regards,
  Sachin

• One Flash CC project gets stuck when publishing in IOS. It will quickly publish as Android, and other projects will publish as IOS. Not sure what to change.

  One Flash CC project gets stuck when publishing in IOS. It will quickly publish as Android, and other projects will publish as IOS. Not sure what to change.

  Thanks for the info.
  I've recently stumbled on an article on how to view the packaged file (apk) published using AIR 3.2 for Android setting (Adobe Flash CS6). All you need to do is change the extension of the file from (.apk) to (.rar) or (.zip) and extract the file as you would with any other zip or rar file. I was able to confirm that the packaged file (apk) indeed contain all the videos for the presentation. I have more than 80 videos in the presentation. All videos included in the package are of the same video format and resolution (FLV 320x240) but of different duration. I intentionally included the all the videos inside the package so I can use the presentation anywhere and anytime without the need to connect to the internet. The packaged apk file size is (1.23GB) the file includes the project's swf and xml file, the component swf and videos.
  When installed to android I noticed that the package remained as an apk file. Not really sure if android temporarily unpacks it when you run the app.
  Testing phase:
  I see no problem when I'm testing the project on my desktop computer. But when packaged and installed on my device the problem arise.
  Problem:
  I'm able to install and run the app on my device but wont play some of the videos included in the package.
  Was this due to the limited RAM or processor of my android device?
  I wanted to distribute the presentation to friends so i was trying to package it for easy access and installation on their device.
  Alternative Solution:
  I installed a third party app called SWF player by BIT LABS. Copied all the files to my device (the project's swf and component swf with the videos). The project worked like a charm the player (SWF player) and was able to run the presentation as if it was running of my desktop. All buttons and videos working properly. Although the alternative solution worked for me I still wanted to package the presentation for easy access and distribution to friends.
  Please help...Thanks in advance.

• Ipad 3 locks up when typing in gmail since loading ios 8.  Any solutions?

  ipad 3 locks up when typing in gmail since loading ios 8.  Any solutions?

  Hey JoeiPod14, The battery meter whether you use the icon (which is better and uses less power) or the percentage, shows you the battery life remaining based on current power use. In others words as Illaass has stated it will fluctuate wildly. Example: You turn on your iPod it shows 90%, start gaming, let's say it's an online, high end graphics game. Your percent drops quickly to 65%, then you stop the game and start listening to listen to music on your iPod and the percent goes back up to 80%. In each case, the battery meter is showing you how much battery you life you have based on what you were doing at the time. Bottom line the harder the iPod has to work, the less time you will have to work / use it before the next charge. (I know-- duh!) Think of your battery meter as a gas tank gauge, it does not tell you when or where you will run out if gas or this case power only that it is close, if near empty. Oh, your question why it drops, even when I the charger, I assuming your iPod / iPhone was a sleep, powered down-- not working the CPU very hard, when you wake the device up there is power draw, so you see the fluctuations you have described, once the power surge stabilizes you get the current percent. Hope this helps. Cheers.

• Photoshop document with smart objects changed when I apply color profile. Why?

  I work in Photoshop with smart objects. When I apply color profile smart object are changed. For example change filter or change size. I dont now why?
  See image

  Yes, fortunately, I am a Windows user, but I don't want to start a religious war here And it is also possible to run multiple versions of Adobe products simultaneously under Windows - why shouldn't that be possible? Currently I have CS3 and CS4 and somtimes use CS3 when CS4 is just too buggy to get the job done. Before that I had CS and CS2 on the same machine.
  But I wouldn't keep all versions back to PS 6.0 or CS, that would be a bit too chaotic and I'd had to spend days of installing if I get a new computer. I expect those programs to be a little bit backwards-compatible, so I don't have to use many different versions. And for Photoshop, this is mostly the case. It's just very tiny details like Smart Object resizing that seems to work differently.
  Otherwise I'm really happy that in CS4 I can finally link Masks to smart objects and apply warp and perspective on them, that's a big plus!

• Please advise how I can register my Photoshop Starter Edition when I apply I do not receive an unlock code so I am unable to continue to use the program and all my photos are locked in, please advise, thanks John

  Please advise how I can register my Photoshop Starter Edition when I apply I do not receive an unlock code so I am unable to continue to use the program and all my photos are locked in, please advise, thanks John

  Please refer to the appropriate Forum, this one is dedicated to Photoshop proper.
  Photoshop Album Starter Edition

• TS3694 Ipad  locked up when doing iOS upgrade .  Screen shows iTunes logo and connector    . Any suggestions on how to reboot/ restart

  iPad locks up when doing iOS upgrade. Screen shows iTunes icon and connector. System will not power up or restart. Any ideas?

  FORCE IPAD INTO RECOVERY MODE
  1. Turn off iPad
  2. Turn on computer and launch iTunes (make sure you have the latest version of iTune)
  3. Plug USB cable into computer's USB port
  4. Hold Home button down and plug the other end of cable into docking port.
  DO NOT RELEASE BUTTON until you see picture of iTunes and plug
  5. Release Home button.
  ON COMPUTER
  6. iTunes has detected iPad in recovery mode. You must restore this iPad before it can be used with iTunes.
  7. Select "Restore iPad"...
  Note:
  1. Data will be lost if you do not have backup
  2. You must follow step 1 to step 4 VERY CLOSELY.

• IOS IPS for blocking IM and P2P

  Any recommendations on the best way to use IOS IPS to stop P2P and IM?
  I set up a 3845 with 12.3(14)T1 to do this by importing signatures from the latest SDF using SDM. I used the attack-drop, and all IM and P2P signatures I could find. I changed them all to drop and reset. I then applied it to the inside interface of a 3845. I also set up nbar with a drop policy for all P2P traffic.
  The configuration caused very slow web response time for users, including blocked pages. Removing the IPS filter made everything work properly again. The router also stopped rebooting periodically.
  Is there a recommended way to set this up that does not cause slow performance and reboots?

  OK, went back and loaded some upgraded software. Now using 12.4.1 Advanced security IOS on the 3845, and SDM 211. The new 256MB.sdf signature file has all the IM and P2P signatures in it already!
  After applying the IPS inbound on the serial interface, I changed the UDP signatures action to drop and the TCP to drop/reset.
  Everything appears to be working beautifully. Yahoo and MSN messenger get dropped, as well as the peer to peer requests. I am unable to download Bittorrent. Web access is fast, and there is no hesitation by the router in configuring the IPS.
  This appears to be a great solution so far.

• IOS IPS

  If the IOS IPS pkg file is 7MB and after I do a copy tftp://xxx/xxx.pkg idconf, where does the file go? I don't see anything on the flash other than the .xml config files.
  Any thoughts?

  First, please take a look at http://www.cisco.com/en/US/products/ps6634/products_white_paper0900aecd805c4ea8.shtml.
  In summary, the copy command follow the following process:
  1. load signature from outside server
  2. parse it and read into memory
  3. save out to the directory configuration as the ips location, in normal cases, it would be the router flash.
  When save the files out, it will save into multiple files in a compressed format, even it has a .xml extension, it is compressed.
  Here are the files got saved out:
  . -sigdef-typedef.xml
  type definition files, defines the engine parameters etc.
  . -sigdef-category.xml
  signature category file. Just a mapping file map the category to signature IDs
  . -sigdef-default.xml
  Signature file. Contains all signatures and their parameter definitions
  When management by CSM/SDM, it also will save out couple of other files:
  . -sigdef-delta.xml
  Contains all signature modification information other than the default in sigdef-default.xml
  . -seap-delta.xml
  Contains all the SEAP configuration changes
  . -seap-typedef.xml
  SEAP type definition file.
  Thanks,
  -Chris