Signature recommendations for ASA-SSM-10

hi, I was wondering if anyone has recommendations on what sigs to enable on the ASA-SSM-10.......I know.... to a certain extent, 'it depends'  on your individual environment.  But I think it must be the case that there are some disabled sigs that are good to enable..right?  I was hoping to tap into the 'group mind' on what works well.
Also, why not enable all?  I am assuming the ASA-SSM-10 probably cannot keep up with that level of inspection??
thanks in advance

androdri,
  Thanks for your reply.  I have some followup questions.
1.  I noticed that any signature that is disabled is listed as retired....does retired mean disabled or something else (like not needed any more).
2.  it seems like most of the malware sigs are disabled, i would think that if you are in a user environment, you would want those on, is there an example of a situation that you would not want them on....how do you know if you have a problem if you don't look.
thanks

Similar Messages

  • Signature Updates for AIP-SSM 10

    Hi all how can i obtain Signature Updates for AIP-SSM 10 where i am having 60 day trial license with me

    Here is the main file download page for the IPS sensors.
    Find the section for the version you are running and click on the Latest Signature Updates link to take to you to the download page for signature updates.
    You can then download which ever signature update you want.
    NOTE1: Each Signature Updates contains all signatures from previous Sig levels. So you only need to download the latest one.
    NOTE2: Each signature update has a specific E (Engine) level requirement. You can execute "show ver" on your sensor to determine if it is at an E1 or E2 level. If it is at E1 and you want the latest sigs that require E2 then you will first need to install the E2 upgrade.
    On that main download page look for the "Latest Upgrades" link for your version, and look for the IPS-engine-E2-req-X.X-X.pkg file where the X.X-X matches your sensor version.
    If there is not an X.X-X matching your sensor version, then you may need to upgrade the software version for your sensor as well.
    NOTE3: Many of these links will also require an account on cisco.com. And for some of these files that account may also need to be verified for being from a country where the USA's export restrictions allow downloads for encryption. (Most countries qualify but you do have to go through that qualification step). It has been over 10 years that I have had do this so I am not sure of the latest procedures for getting an account or validating it for encrpytion downloads.

  • IME connection requirements for ASA-SSM module

    I am looking into monitoring an IPS device at a remote site over the internet. I would like to install IME at my main site and have IME connect to the SSM module at the remote site over the internet.  Can anyone offer advice on the TCP ports required (is it simply tcp 443) and if this is advisable?  Any ideas on how much traffic this would generate over the internet connection?
    My thoughts are that I could create a static translation on the ASA for the IP address of the management interface of the SSM module and restrict access through the ASA to my main site public IP address.
    Any assistance is much appreciated.

    Hi,
    All you need is to open up TCP/443 for the IME to be able to successfully connect. So, you can have a static for the SSMs management IP address on TCP port 443 and put in an access-list entry to allow that traffic.
    I am not really sure of how much traffic this will take up but it should not be much.
    Hope this helps. let me know how it goes!!
    Thanks and Regards,
    Prapanch

  • Download signatures for ASA-SSM-10

    I have a couple of  ASA with some SSM-10 and SSM-20 modules. My CSM is currently not working on the auto update side and i'm a bit behind on the updates till I  figure out what's the issue.. Can somebody tell me what link can I manually downoad the signatures the how to update it from either IDM or IME pertaining to a SSM-10/20 ?
    My last update history shows.
    Upgrade History:
    * IPS-sig-S535-req-E4       04:55:41 UTC Sat Dec 11 2010
      IPS-sig-S537-req-E4.pkg   04:55:33 UTC Wed Jan 05 2011
    so these are the signature trains I'm after..
    thanks

    The download URL was posted in the above reply (and can also be found in the IDS/IPS - Quick Links document). As far as installing the update via IME: You can do that by navigating to IME's Configuration > Sensor Management > Update Sensor section. From there, check (select) the radio button next to Update is located on this client, then click the Browse Local... button to select the file, and finally click the Update Sensor button to transfer and install the update.

  • Obtaining hardware and signature support for AIP SSM-10

    We have a 5510 which we have purchased an AIP SSM-10 card for the ASA which is already under a support contract. We now wish to add hardware maintenance for the new AIP SSM-10 card as well as signature updates. Our Cisco supplier will not confirm that we will receive signature updates with the hardware support though (we have been trying to get an answer from them since June or July now).
    Could someone let us know what the correct part number is so we can ask for the specific option that will provide both hardware cover and signature updates.

    i think this is what you need,
    CON-SU1-AS1A1PK9
    IPS SVC, AR NBD ASA5510-AIP10SP-K9
    cisco smartnet support

  • CPU OID MIB for ASA-SSM-10

    Hi,
    I want to use our SNMP server to monitor our IPS modules CPU and Memory, does anyone knw the OID(s) I need to use?
    Thanks

    That's frustrating, the IPS specific MIBS are not in the Cisco MIB locators:
    For non-IOS
    http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
    For IOS
    http://tools.cisco.com/ITDIT/MIBS/MainServlet')">http://tools.cisco.com/ITDIT/MIBS/MainServlet
    But if memory serves, the IPS sensors support the standard enterprise MIB, so the OID should be common.

  • Installing signature update for IDSM-2 on AIP-SSM

    Hi every one,im not sure about this question but i think its beter to ask you experts.i want to know that if i have signature update for example for my IDSM-2 can i instal this sig update on my AIP-SSM --> suppose that IPS software on both devices are same and also i have installed valid license key on AIP-SSM.now can i do this or no? and i know that if you have not valid license installed on IDSM-2 you cant instal any sig update on IDSM-2 but what about AIP-SSM?i mean can i instal sig update on AIP-SSM without installed valid license key on AIP-SSM? thanks

    There are 3 main types of Signature Updates.
    1) IPS Sensor Signature Updates
    2) CSM Signature Updates for IPS Sensors
    3) IOS IPS Signature Updates
    The IPS Signature Update filename is in the form: IPS-sig-Sxxx-req-Ey.pkg
    This is most likely what you are referrnig to in your post. This file can be installed on ANY IDS/IPS Appliance or Module.
    The Requirement here is not the platform but rather the Engine Level. The "req-Ey" portion of the filename tells you that the sensor must already be running the "y" Engine level of software.
    So an IPS-sig-S436-req-E3.pkg file can be installed on any IDS/IPS Appliance or Module so long as the software on that sensor is an "E3" version.
    The CSM updates, are signature updates for the Cisco Security Manager. They contain special files that CSM uses to update itself, and then also included within the CSM update is the actual sensor update described above. CSM unpackages the CSM update, updates itself, and then uses that embedded file to upgrade the actual sensor.
    The third type of file is for IOS Routers loaded with special IOS software that has the special IOS IPS features where the Router itself (instead of a separate IDS/IPS module) does the signature monitoring.
    These IOS IPS Signature Updates get installed on the actual router, and are not installed on the IDS/IPS Sensor Appliances or Modules.
    So in answer to your question, yes the same Signature Update for your IDSM-2 is the exact same Signature Update for your SSM modules.
    The exact same file is available through multiple different paths on cisco.com. But it doesn't matter through which cisco.com path you downloaded the file you can still install it on all IDS/IPS Appliances and Modules.
    As for licensing, the license works the same on all IDS/IPS Appliances and Modules. A license must be on the sensor for the Signature Update to be applied.
    NOTE: A Trial License is available from cisco.com for new sensors to allow you time to get everything setup correctly for your sensor to be covered by a service contract, and get the standard license from the service contract.

  • ASA SSM IPS module upgrade won't work

    Hello all,
    I'm trying to upgrade the IPS sig's on an ASA5520 with a SSM IPS module. I'm trying to upgrade the system to 5.1.1 to further upgrade the device with no luck.
    I followed these steps provided by Cisco.com:
    1. Log in to the ASA.
    2. Enter enable mode:
    asa# enable
    3. Configure the recovery settings for ASA-SSM:
    asa (enable)# hw-module module 1 recover configure
    NOTE: If you make an error in the recovery configuration, use the
    hw-module module 1 recover stop command to stop the system reimaging
    and then you can correct the configuration.
    4. Specify the TFTP URL for the system image:
    Image URL [tftp://0.0.0.0/]:
    Example:
    Image URL [tftp://0.0.0.0/]: tftp://10.20.30.40/IPS-SSM-K9-sys-1.1-a-5.1-1.img
    5. Specify the command and control interface of ASA-SSM:
    Port IP Address [0.0.0.0]:
    Example:
    Port IP Address [0.0.0.0]: 11.21.31.41
    6. Leave the VLAN ID at 0.
    VLAN ID [0]:
    7. Specify the default gateway of the ASA-SSM:
    Gateway IP Address [0.0.0.0]:
    Example:
    Gateway IP Address [0.0.0.0]: 11.22.33.44
    8. Execute the recovery:
    asa# hw-module module 1 recover boot
    9. Periodically check the recovery until it is complete.
    NOTE: The status reads "Recovery" during recovery and reads "Up" when
    reimaging is complete.
    AFter #8 it just goes back to the enable prompt. A 'sh module' lists the device as 'recover' and hangs FOREVER.... I tested the TFTP server which the new image resides on, and the TFTP is working fine. I don't see any attempts or downloads from the TFTP server for over an hour.
    I opened a Ciscop TAC on this and not receiving alot of help...
    Please help!!!:)
    Thanks
    Chris Serafin
    [email protected]

    The recovery using this method can takes upwards of 30 minutes, and in some cases even longer.
    How long have you left the SSM in the "recovery" state?
    There may be something wrong in the config you entered. when that happens the SSM can go into a continuous reboot cycle trying to do the recovery.
    Execute "debug module-boot" on the console of the ASA.
    The debug output will show you the ROMMON output of the SSM itself. (The SSM has it's own ROMMON. The recovery boot command sends the settings made during the recover configure command to the SSM's ROMMON).
    If the ROMMON is experiencing a problem in trying to download the tftp image you should now see that ROMMON error message.
    Some typical problems I have seen:
    1) Wrong IP given for the sensor.
    2) Wrong IP given for the gateway (the gateway must exist on the same network as the sensor) this problem usually happens when using a non-standard netmasked network.
    3) Not having the sensor's command and control port plugged into the right network. The external port of the SSM itself is where the IP is being applied. You need to ensure that the extenral port of the SSM is plugged into the right network for that IP.
    4) The tftp server is not reachable from the network where the sensor's command and control port is attached. Some users think that if the ASA itself can reach the tftp server that the SSM will also be able to. This is not always the case. It is best to use a tftp server on the same network as the IP provided to the SSM. Or to test the tftp server from another machine on the same network as the SSM.
    5) The file name is wrong. Check the captialization especially.
    6) The file is not in the default directory on the tftp server. If the file is in a subdirectory you will need to add that subdirectory to the URL:
    tftp://10.20.30.40/subdirectoryname/filename
    7) The tftp is timing out.
    There are 2 things that can cause this:
    a) The tftp server is remote, and it takes too long to download the file. The ROMMON does have limits on the number of retries and per packet timeouts (but they are not user configurable). Try using a tftp server local to the SSM.
    b) The switch that the SSM connects to has spanning-tree running and spanning-tree does not complete before the SSM ROMMON times out for the tftp attempt. The tftp attempt happens immediately upon ROMMON startup and link up. But with a switch the switch port may be in a "Listen" or "Learn" state for 40 seconds before the box can actually talk on the network. In some cases the tftp download attempts started as soon as link up, and may timeout even before the spanning-tree completes. To work around this configure "spanning-tree portfast" on the switchport. Spanning-tree will connect the port into the vlan immediately rather than 40 seconds later.
    If it was a config problem when configuring the recovery settings, then there is a "recover stop" command on the ASA.
    It will stop the reboot cycle from happening.
    Let the module come up with the old image.
    Then correct your "recover configure" settings, and try the "recover boot" again.
    Another alternative:
    Stop the recovery "recover stop"
    Let it boot into the old image.
    If it was a 5.0 version, then you can actually upgrade to 5.1 using the sensor's own CLI "upgrade" command. It is actually the preferred method.
    The "recover" from the ASA will wipe the box clean and load a fresh image.
    The "upgrade" from the sensor will convert your 5.0 config into a 5.1 config while installing 5.1.
    5.1 upgrade file:
    IPS-K9-min-5.1-1g.pkg
    http://www.cisco.com/cgi-bin/tablebuild.pl/ips5
    It can be applied through the sensor's CLI upgrade command, or pushed directly through IDM, or applied by CSM.
    The "recover" should be limited to disaster recovery. When you can't access the SSM at all, or the files on the SSM have been corrupted.
    For normal upgrades you want to use "upgrade" files done through the sensor itelf (CLI, IDM, or CSM).

  • LMS 4.0 ASA-SSM-10 Sync archive

    Hello.
    During Sync archive for ASA-SSM-10 which is installed in ASA 5505 device I received the error:
    *** Device Details for Cisco ASA IPS ***
    Protocol ==> Unknown / Not Applicable
    Selected Protocols with order ==> Telnet,SSH
    Execution Result:
    RUNNING
    CM0151 PRIMARY RUNNING Config fetch failed for Cisco ASA IPS Cause: TELNET: Failed to establish TELNET connection to 172.26.22.32 - Cause: Authentication failed on device 3 times.
    SSH: Failed to establish SSH connection to 172.26.22.32 - Cause: Authentication failed on device 3 times.
    Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required.
    The connection to this device (ASA-SSM-10) is possible with SSH protocol with Putty and with SecureCRT. What has to be change in the LMS to sucess with Sync archive and later with changing the archive with the LMS 4.0. Thank you.

    Post the show ver of the device and we can verify if its supported or not and the OID as well.

  • ASA-SSM-10 Signature Update Errors Messages

    Hello,
    I am getting error messages on ASA-SSM-10 IPS. It has following configuration:
    Model:   ASA-SSM-10
    Hardware version:   1.0
    Firmware version:   1.0(11)5
    Software version:   7.0(7)E4
    App. version:       7.0(7)E4
    Here are error messages:
    evError: eventId=1334244240891143986  vendor=Cisco  severity=error  
      originator:  
        hostId: sensor 
        appName: mainApp 
        appInstanceId: 357 
      errorMessage: No installable auto update package found on server  name=errSystemError 
    evError: eventId=1334244240891141857  vendor=Cisco  severity=error 
      originator:  
        hostId: sensor 
        appName: mainApp 
        appInstanceId: 357 
      errorMessage: could not parse cisco-locator-server response  name=errSystemError 
    evError: eventId=1334244240891142089  vendor=Cisco  severity=error 
      originator:  
        hostId: sensor 
        appName: collaborationApp 
        appInstanceId: 489 
      errorMessage: A global correlation update failed: Receive HTTP response failed [3,212]
    Messages, like this one, in the category - Reputation update failure - were logged 1 times in the last 105245 seconds.  name=errUnclassified 
    evError: eventId=1334244240891141325  vendor=Cisco  severity=error 
      originator:  
        hostId: sensor 
        appName: mainApp 
        appInstanceId: 357 
      errorMessage: could not parse cisco-locator-server response  name=errSystemError 
    Actually IPS is doing signature and Global Correlation updates, but form time to time I see  these error messages. Do you have any information what could it indicate.

    Hello Giorgi,
    Sometimes it may be server saturation, other connection problems proxy and so on. I recommend you to not put the hour for auto update to an exact time ie 2:00 PM or 1:00 AM try putting not even numbers like 9:17 or 10:41, and see if you continue getting these errors.
    Mike

  • Updating License & Signatures on ASA-SSM-10

    Hi,
    Does the same options are used to:
    updating IPS License and updating signatures on ASA-SSM-10?
    Actually i updated license file received from cisco licensing team:
    using IDM 6.0 > licensing option > update license > file location:
    and I was trying to update signatures using same options (as i dont find seprate options to update signatuers) but it gives error:
    Invalid license etc.,
    could anyone guide.
    Thank you.

    In the Update Sensor pane, you can immediately apply service pack and signature updates.
    Update Sensor Pane Field Definitions
    The following fields are found in the Update Sensor pane:
    •Update is located on a remote server and is accessible by the sensor—Lets you specify the following options:
    –URL—Identifies the type of server where the update is located. Specify whether to use FTP, HTTP, HTTPS, or SCP.
    –://—Identifies the path to the update on the remote server.
    –Username—Identifies the username corresponding to the user account on the remote server.
    –Password—Identifies the password for the user account on the remote server.
    •Update is located on this client—Lets you specify the following options:
    –Local File Path—Identifies the path to the update file on this local client.
    –Browse  Local—Opens the Browse dialog box for the file system on this local  client. From this dialog box, you can navigate to the update file.

  • Configure ASA-SSM-10 for Syslog

    How to configure syslog on the following IPS module ?
    I need to send logs from this sensor
    Platform: ASA-SSM-10
    Build Version: 7.0(4)E4
    Os Version: 2.4.30-IDS-smp-bigphys
    Can anybody advise me on this.
    Regards,
    Rohit

    Do you need the syslogs to be sent or the Events.
    IPS sensors do not support syslog forwarding.  Syslog is fairly
    restrictive in size of messages and is not secure or reliable.
    sensor does support sending of events using SNMP
    (again with the same sets of restrictions:  not full data, clear text,
    not reliable).
    There is a physical ability to send events as traps.  It isn't
    recommended for many reasons (or lets say it isn't recommended in the
    same way that monitoring using SDEE is).  SNMP trap receivers generally
    aren't built to handle, say 200 events per second per device.  The
    sensor isn't capable of sending at the same event rate as it is with
    SDEE.  The traps are in clear text and are not reliably sent.  They
    don't contain the same amount of info as an SDEE event, and can't.
    If you need the events to  be sent to a database you can run cisco IME which can collect all the events generated by the IPS.
    Hope this helps.
    Sachin

  • Cisco IPS SSM 10 Sensor can't update signature file from ASA 5510

    Cisco ASA 5510 IPS Firewall with ASA-SSM-10 Module.  I am trying to do a manual update of the signature file and get the following error:
    Error: execUpgradeSoftware : couldn't connect to host
    I have confirmed that I can ping the ftp server successfully from the ASA and the command I am trying to use from the configure terminal of the module is:
    upgrade ftp://[email protected]//IPS-sig-S813-req-E4.pkg
    I have also tried via http and it does not work as well.  Any thoughts?

    to connect to ftp there should be username usually anonymous and password whitch can be any. check in ftp server
    aip_ssm_card# copy  ftp://192.168.15.12/JAF1308ARNJ_20131009032200919.lic license-key 
    User: anonymous
    Password: *********
    the username and/or the password are incorrect
    aip_ssm_card# copy  ftp://192.168.15.12/JAF1308ARNJ_20131009032200919.lic license-key 
    User: 123
    Password: ***
    File opening error
    I made special user 123 on ftp server with password 123
    aip_ssm_card# copy  ftp://192.168.15.12/JAF1308ARNJ_20131009032200919.lic license-key 
    User: 123
    Password: ***
    aip_ssm_card# 
    and dont forget to rate post

  • How to buy license? for AIP-SSM-10 ?

    Hi all
    how to buy license? for AIP-SSM-10 ?
    1. CON-SU1-AS1A1PK9 this is Cisco SMARTnet Support for AIP-SSM-10
    2. do I need smartnet for ASA ?
    3. what is part number of license ?
    ASA5510test# session 1
    Opening command session with slot 1.
    Connected to slot 1. Escape character sequence is 'CTRL-^X'.
    login: cisco
    Password:
    ***NOTICE***
    This product contains cryptographic features and is subject to United States
    and local country laws governing import, export, transfer and use. Delivery
    of Cisco cryptographic products does not imply third-party authority to import,
    export, distribute or use encryption. Importers, exporters, distributors and
    users are responsible for compliance with U.S. and local country laws. By using
    this product you agree to comply with applicable laws and regulations. If you
    are unable to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    ***LICENSE NOTICE***
    There is no license key installed on the SSM-IPS10.
    The system will continue to operate with the currently installed
    signature set.  A valid license must be obtained in order to apply
    signature updates.  Please go to http://www.cisco.com/go/license
    to obtain a new license or install a license.
    sensor#
    sensor# sh ver
    Application Partition:
    Cisco Intrusion Prevention System, Version 6.0(6)E3
    Host:
        Realm Keys          key1.0
    Signature Definition:
        Signature Update    S399.0                   2009-05-06
        Virus Update        V1.4                     2007-03-02
    OS Version:             2.4.30-IDS-smp-bigphys
    Platform:               ASA-SSM-10
    Serial Number:          ........
    No license present
    Sensor up-time is 21 min.
    Using 655507456 out of 1032499200 bytes of available memory (63% usage)
    application-data is using 39.7M out of 166.8M bytes of available disk space (25%
    usage)
    boot is using 37.6M out of 68.6M bytes of available disk space (58% usage)
    MainApp          N-NUBRA_2009_JUL_15_01_10_6_0_5_57   (Ipsbuild)   2009-07-15T01
    :15:08-0500   Running
    AnalysisEngine   N-NUBRA_2009_JUL_15_01_10_6_0_5_57   (Ipsbuild)   2009-07-15T01
    :15:08-0500   Running
    CLI              N-NUBRA_2009_JUL_15_01_10_6_0_5_57   (Ipsbuild)   2009-07-15T01
    :15:08-0500
    Upgrade History:
      IPS-K9-6.0-6-E3   17:48:06 UTC Wed Jul 15 2009
    Recovery Partition Version 1.1 - 6.0(6)E3
    sensor#

    Hi,
    CON-SU1-AS2A10K9 contract if for ASA+IPS bundle. If AIP-SSM-10 ws purchased as a spare the contract would be CON-SU1-ASIP10K9.
    I am not sure whether or not this Cisco Service for IPS contract can be  used to cover just the AIP-SSM-10 if it was purchased as part of a  Bundle instead of a Spare.
    I would recommend that you check with your Cisco reseller or Cisco  Sales Representative.
    Sourav

  • How to do a factory reset ASA-SSM-10?

    Hi.
    I forgot the user for management a IPS SSM-10, when i follow the procedure to reset the password for cisco user, i can get into the module, i change the password and every thing is OK, but when i tried to configure y don´t have rights to do anything.
    if i see the privileges for the user cisco this is the result
    EDGE-IPS2# sh user
        CLI ID   User    Privilege
    *   4143     cisco   viewer
    Application Partition:
    Cisco Intrusion Prevention System, Version 6.1(1)E2
    Host:
        Realm Keys          key1.0
    Signature Definition:
        Signature Update    S364.0                   2008-10-24
        Virus Update        V1.4                     2007-03-02
    OS Version:             2.4.30-IDS-smp-bigphys
    Platform:               ASA-SSM-10
    Serial Number:          JAF1208BNPP
    License expired:        20-Jun-2009 UTC
    Sensor up-time is 1:09.
    Using 657850368 out of 1032495104 bytes of available memory (63% usage)
    system is using 17.7M out of 29.0M bytes of available disk space (61% usage)
    application-data is using 41.5M out of 166.8M bytes of available disk space (26% usage)
    boot is using 40.5M out of 68.6M bytes of available disk space (62% usage)
    MainApp          M-2008_APR_24_19_16    (Release)   2008-04-24T19:49:05-0500   Running
    AnalysisEngine   ME-2008_JUN_05_18_26   (Release)   2008-06-05T18:55:02-0500   Running
    CLI              M-2008_APR_24_19_16    (Release)   2008-04-24T19:49:05-0500
    Upgrade History:
    * IPS-K9-6.1-1-E2           22:40:50 UTC Tue Feb 26 2013
      IPS-sig-S364-req-E2.pkg   18:43:20 UTC Wed Nov 12 2008
    Recovery Partition Version 1.1 - 6.1(1)E2
    Host Certificate Valid from: 17-Nov-2008 to 18-Nov-2010
    What can i do in this case?
    IPS Info
    Getting details from the Service Module, please wait...
    ASA 5500 Series Security Services Module-10
    Model:              ASA-SSM-10
    Hardware version:   1.0
    Serial Number:      JAF1208BNPP
    Firmware version:   1.0(11)4
    Software version:   6.1(1)E2
    MAC Address Range:  001e.f710.5b6c to 001e.f710.5b6c
    App. name:          IPS
    App. Status:        Up
    App. Status Desc:
    App. version:       6.1(1)E2
    Data plane Status:  Up
    Status:             Up
    Mgmt IP addr:       X.X.X.X
    Mgmt web ports:     443
    Mgmt TLS enabled:  

    The process will normally use the following command:
    hw-module module 1 password-reset
    It will reload the ASA and when loggin back the "Cisco" username will have admin rights.
    If this is not your case, a re-image of the unit will be the next step, keep in mind that this will remove all the custom config.

Maybe you are looking for