Upgrading IPS Engine to 7.0(4) E4

Similar Messages

• IPS Engine Upgrade

  Hi all
  I have an IPS running 6.1(1) image with E1 engine.I want to upgrade this to E3.Is to possible to upgrade directly to E3?.What are the things to consider for upgrading the Engine(i want to upgrade manually)? Is there any advange on E3 over E2 or E1?
  Thanks In Advance

  Yes, you can go directly from 6.1(1)E1 to 6.1(1)E3.
  Go to this link, select your model sensor, select the IPS System Upgrades link, and select All Releases->E3->6.1->6.1(1)E3.
  http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875311
  Download the IPS-engine-E3-req-6.1-1.pkg file, and install it on your sensor.
  The "engine" upgrade changes just the E level of the sensor.
  HOWEVER, I recommend that on your next scheduled network downtime that you upgrade all the way to 6.1(2)E3.
  Instead of selecting 6.1(1)E3 you would instead select 6.1(2)E3 on that download page.
  You can then download IPS-K9-6.1-2-E3.pkg file (name might differ for the AIM and NME platforms).
  Installing this file will upgrade not only the Engine level from E1 to E3, but will also upgrade you to the next Service Pack level (2).
  Why should you upgrade to E3 instead of E2?
  All new signature updates are only released for E3. Signatures stopped being developed for E2 as soon as E3 was released. You always need to stay at the latest E level to get the latest signature updates.
  Why should you upgrade all the way to 6.1(2)E3 instead of just 6.1(1)E3?
  You get additional bug fixes by going to 6.1(2)E3.
  In addition you need to keep in mind that there will at some point be an E4, and there are rules as to which versions E4 will be available for.
  The next Engine Update (in this case E4) will be available for the latest service pack of each Major.Minor version. With 6.1 that latest Service Pack is 6.1(2). It will not be available for the prior Service Pack level unless the most recent service pack has been released less than 60 days ago.
  Explanation:
  6.1(2)E3 was released on Dec 19, 2008.
  If E4 has been released any time between Dec 19, 2008 and Feb 19, 2009; then we would have released both an E4 for 6.1(2) AS WELL AS 6.1(1). After Feb 19, 2009 Cisco will no longer release an Engine Update for 6.1(1). So E4 will be released for 6.1(2), and NOT 6.1(1).
  So to be prepared for E4 you need to be running 6.1(2)E3 right now.
  Any time a new Service Pack is released you should be scheduling to upgrade to that next Service Pack within 60 days if you want to be sure you are always able to install the latest signature and engine updates.

• How to upgrade IPS Signature

  Can anyone help me with the steps of upgrading the IPS signature for the platform ASA SSM-20, IDS 4215, WV-SVC-IDSM-2 via IDM and IME. All the sensors are already upgraded with Engine E4 with signature S480.
  Can I upgrade the signature directly from S480 to S507? Please let me know the file which I need to download. Is there any impact while updating the signture like reboot?

  Hi Gangadaran,
  We can apply the same package on all the mentioned platforms. It can be applied to all below platforms:
  - IPS-42xx Cisco Intrusion Prevention System (IPS) sensors
  - IDS-42xx Cisco Intrusion Detection System (IDS) sensors (except the IDS-4220, and IDS-4230)
  - WS-SVC-IDSM2 series Intrusion Detection System Module (IDSM2)
  - NM-CIDS IDS Network Module for Cisco 26xx, 3680, and 37xx Router Families.
  - ASA-SSM-10 Cisco ASA Advanced Inspection and Prevention Security Services Module (Requires ASA)
  - ASA-SSM-20 Cisco ASA Advanced Inspection and Prevention Security Services Module (Requires ASA)
  - ASA-SSM-40 Cisco ASA Advanced Inspection and Prevention Security Services Module (Requires ASA)
  - AIM-IPS Cisco Advanced Integration Module for ISR Routers
  Refer the readme for all details:
  http://www.cisco.com/web/software/282549755/37074/IPS-sig-S507.readme.txt
  All the best!!
  Thanks,
  Prapanch

• IPS engine upgrade with failover ASA, now they don't match?

  We recently added a failover 5520 with the ASA-SSM-20, which matches the primary ASA/IPS. My question is I just upgraded the primary IPS to 5.1(5)-E1. It went fine, except now the failover IPS is still on 5.0(2). How do I update the failover IPS to match what's on the primary?
  Shouldn't this happen automatically since it is setup in a failover scenario? I have it cabled via a cross-over cable to the primary ASA.

  The SSM modules are managed completely separately from the firewalls; you need to upgrade & manage both of them individually, as well as apply the same configurations to each either separately, or via a group in either CSM or VMS...
  If the second SSM module hasn't been given its own IP, you can "session" into it from the standby firewall console and then give it it's own IP..
  If this helped, please rate the post :-)
  Thanks!
  ...Nick

• Upgrading IPS strings, ASA SSM-10 module

  I am having a challenging time upgrading the ASA SSM-10 IPS module. I down loaded the IPS-sig-s327-req-e1.pkg to Win XP ftp server (my workstation). The instructions in following does not work: http://download-sj.cisco.com/cisco/ciscosecure/ips/6.x/sigup/IPS-sig-S327.readme.txt
  "error: execUpgradeSoftware : Connect failed". Any suggestion would be appreciated.

  I can connect the LAN switch directly to the inside interface of the ASA5510 firewall. Hosts can get Internet connectivity while cabled to the switch. However, when the LAN switch is connected to the port on the IPS module, there is no Internet connectivity. Any suggestions would be appreciated. The following is the sh configuration and sh int output.
  sh con_[Jfiguration
  Version 5.1(6)
  ! Current configuration last modified Sat Apr 05 12:28:11 2008
  service interface
  exit
  service analysis-engine
  virtual-sensor vs0
  physical-interface GigabitEthernet0/1
  exit
  exit
  service authentication
  exit
  service event-action-rules rules0
  exit
  service host
  network-settings
  host-ip 192.168.1.36/24,192.168.1.10
  host-name ips
  telnet-option enabled
  --MORE--
  access-list 0.0.0.0/0
  exit
  time-zone-settings
  offset 0
  standard-time-zone-name UTC
  exit
  exit
  service logger
  exit
  service network-access
  exit
  service notification
  exit
  service signature-definition sig0
  exit
  service ssh-known-hosts
  exit
  service trusted-certificates
  --MORE--
  exit
  service web-server
  exit
  ips# sh inter_[Jfaces _[2C
  Interface Statistics
  Total Packets Received = 6806
  Total Bytes Received = 2001784
  Missed Packet Percentage = 0
  Current Bypass Mode = Auto_off
  MAC statistics from interface GigabitEthernet0/1
  Interface function = Sensing interface
  Description =
  Media Type = backplane
  Missed Packet Percentage = 0
  Inline Mode = Unpaired
  Pair Status = N/A
  Link Status = Up
  Link Speed = Auto_1000
  Link Duplex = Auto_Full
  Total Packets Received = 6807
  Total Bytes Received = 2001866
  Total Multicast Packets Received = 0
  Total Broadcast Packets Received = 0
  Total Jumbo Packets Received = 0
  Total Undersize Packets Received = 0
  Total Receive Errors = 0
  Total Receive FIFO Overruns = 0
  Total Packets Transmitted = 6807
  --MORE--
  Total Bytes Transmitted = 2017118
  Total Multicast Packets Transmitted = 0
  Total Broadcast Packets Transmitted = 0
  Total Jumbo Packets Transmitted = 0
  Total Undersize Packets Transmitted = 0
  Total Transmit Errors = 0
  Total Transmit FIFO Overruns = 0
  MAC statistics from interface GigabitEthernet0/0
  Interface function = Command-control interface
  Description =
  Media Type = TX
  Link Status = Down
  Link Speed = N/A
  Link Duplex = N/A
  Total Packets Received = 126
  Total Bytes Received = 14255
  Total Multicast Packets Received = 0
  Total Receive Errors = 0
  Total Receive FIFO Overruns = 0
  Total Packets Transmitted = 1
  Total Bytes Transmitted = 64
  Total Transmit Errors = 0
  Total Transmit FIFO Overruns = 0

• Upgrade IPS moudle on ASA to 6.0.3

  I upgraded the ips module ASA-SSM-20 on the ASA from 5.x to 6.0.3 lately. The ASA are setup as active/standby. i upgraded both modules successfully on each ASA. After the upgrade, i notice the ASA failover to the other partner about 10 times for the past day, particularly when traffic was high. Before the upgrade, i don't have this problem. Anyone run into this problem before, and any idea? thanks.

  Hi, I have the same problem by one our customer. I would like to compare my and your sw versions? We are using Cisco ASA ver 7.0.7GD, I tested it also on versions 7.2.2 and 7.2.3 the result is the same! Do you use also the IPS Firmware version: 1.0(11)2, Software version: 6.0(3)E1? Please could you write out from configuration "show failover state", do you see there also in the field "Last Failure Reason" = IPS Card Failure in both unit? I thing there should be some problem with the new IPS software! If you wish contact me!
  Best regards
  Jakub Chytracek
  [email protected]

• Upgrade J2ee Engine 1.4.2_06 to 1.4.2_11

  Hi,
  In our production XI3.0 SP16 server j2ee engine sutting down if we run many jobs at a time. Currently we are using j2ee 1.4.2_06 , this problem happend due to j2ee engine unstability.
  SAP note says that need to upgrade j2ee from 1.4.2_06 to 1.4.2_11 . Not sure how to do this at OS level and after that where to change parameters for new java 1.4.2_11 settings.
  Before that what files/folders need to take backup.Any idea how to upgrade.
  -cheers !

  Hi Lisa,
  It's known problem in XI. But Apart from SP06, some more reasons are there....
  First, Let me know the RAM size... As utilization increases, due to lack of memory, first J2EE engine stops... Because, J2EE engine needs lots of resources.
  Normally, For 200 Documents/Hr needs 4GB to 6GB RAM.
  Next, There are some standard memory parameter setting which should be set by Basis during installation. That can be changed as per requirement like paging area etc. (I am not sure, which one is required). But this too worked for us.
  Regards,
  Audy

• Can VMS be used to upgrade IPS version (not sig)

  Can VMS be used to upgrade the IPS version on sensors? Or do you have to log into each sensor and upgrade that way?

  VMS (and it's little brother CSM) were designed to apply all the updates; signature, Service Packs and even (when you're lucky) Majot Updates. VMS is a management tool, allowing you to manage more sensors than if you had to log into each one by hand.

• Upgrading IPS-4240-K9

  Hi,
       I have an IPS-4240-K9 with system Version 5.1(8)E2 and I need to upgrade to the last version Release 7.1(7)E4, I need to know if there is some way to do this without jumping from all the old versions (6.0 E2, 6.0 E3, 6.0E4, etc) do i need to make a reimage?? what is the process?? what files needs to download?
  Thanks,

  Hello Salvador,
  The upgrade path is: 5.1(8) >  6.0(6) > 7.1
  If you want to do it directly you will need to re-image the sensor.
  For upgrade use teh .pkg file and for re-image use the .img file.
  Download from:
  http://software.cisco.com/download/type.html?mdfid=278810718&flowid=4425
  For re-image:
  http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_system_images.html#wp1060091
  Hope it helps,
  Regards,
  Felipe.

• Upgrade AIP SSM with Signature Engine 4 file

  When I tried to upload Signature Engine 4 file (IPS-engine-E4-req-7.0-2.pkg),  using FTP server both by CLI and IDM, to new AIP SSM sensor, I got the following  error message:
  Cannot upgrade software on the sensor - socket error:110.
  When I tried to do the same by using these steps: IDM --> Configuration  --> Sensor Management --> Update Sensor --> choose Update is located on  this client --> choose the "IPS-K9-7.0-2-E4.pkg" file --> hit the "Update  Sensor" button, I got the following error message
  The current signature level is S480.The current signature level must be  less than s480 for this package to install.
  Here is the output for sh ver command
  AIP_SSM# sh version
  Application Partition:
  Cisco Intrusion Prevention System, Version 7.0(2)E4
  Host:
      Realm Keys          key1.0
  Signature Definition:
      Signature Update    S480.0                   2010-03-24
  OS Version:             2.4.30-IDS-smp-bigphys
  Platform:               ASA-SSM-10
  Serial Number:          JAF1514BAHS
  Licensed, expires:      07-Jun-2012 UTC
  Sensor up-time is 21 days.
  Using 695943168 out of 1032495104 bytes of available memory (67% usage)
  system is using 17.4M out of 38.5M bytes of available disk space (45% usage)
  application-data is using 45.4M out of 166.8M bytes of available disk space (29% usage)
  boot is using 41.6M out of 68.6M bytes of available disk space (64% usage)
  application-log is using 123.5M out of 513.0M bytes of available disk space (24% usage)
  MainApp            B-BEAU_2009_OCT_15_08_07_7_0_1_111   (Ipsbuild)   2009-10-15T08:09:06-0500   Running
  AnalysisEngine     BE-BEAU_E4_2010_MAR_25_02_09_7_0_2   (Ipsbuild)   2010-03-25T02:11:05-0500   Running
  CollaborationApp   B-BEAU_2009_OCT_15_08_07_7_0_1_111   (Ipsbuild)   2009-10-15T08:09:06-0500   Running
  CLI                B-BEAU_2009_OCT_15_08_07_7_0_1_111   (Ipsbuild)   2009-10-15T08:09:06-0500
  Upgrade History:
    IPS-K9-7.0-2-E4   02:00:07 UTC Thu Mar 25 2010
  Recovery Partition Version 1.1 - 7.0(2)E4
  Host Certificate Valid from: 30-May-2011 to 30-May-2013
  Any idea what could be the problem?
  Regards,

  Based on your show version, you already have E4, what is it that you are trying to do?
  Mike

• Upgradation of IPS in AIPSSM Module

  Hi All,
  Can we upgrade the Engine Version of IPS from 6.0(3)E1 to the latest engine version directly in AIPSSM Module . If yes,please let me know if any steps to be noted down while upgrading the same.
  Regards
  Kiran

  Please refer to the following link:
  http://www.cisco.com/en/US/partner/docs/security/ips/7.0/release/notes/22789_01.html#wp1235012
  SongL

• IPS(ASA moduel) signature upgrade cause users lost connectivity to outside

  Hi All:
  need you adivse.
  i have two ASA running A/S mode, both ASA have ASA-SSM-AIP-20-K9 inside with fail-open option and identical configuration
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:宋体;
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  Any time i upgrade IPS signature/OS, users will experience around 1 minute downtime to outside.
  Is this a correct behavior?
  Thanks

  Jason;
    That is not expected behavior for signature updates.  On the AIP-SSM's configuration, have you changed the bypass mode to off?
    For software upgrades, which require the AIP-SSM to reboot, a failover of the ASA is expected if you have not disabled the IPS inspection service policy prior to performing the upgrade.
  Scott

• After gtk2 upgrade, i lost the gtk engine appearance

  hi all,
  Yesterday i do the following upgrades:
  [08/01/06 22:50] starting full system upgrade
  [08/01/06 23:15] upgraded eject (2.1.2-2 -> 2.1.5-1)
  [08/01/06 23:15] upgraded gtk2 (2.8.20-1 -> 2.10.1-1)
  [08/01/06 23:15] upgraded gtk-engines (2.6.7-1 -> 2.6.10-1)
  [08/01/06 23:15] upgraded librsvg (2.14.4-1 -> 2.14.4-2)
  [08/01/06 23:15] upgraded libwmf (0.2.8.4-2 -> 0.2.8.4-3)
  [08/01/06 23:15] upgraded ppp (2.4.4-1 -> 2.4.4-2)
  But now, i lost the gtk style appearance (none of my styles works).
  Anybody can help with this problem?

  johnisevil wrote:
  bubupl wrote:
  Just copy engines files (librezlooks.la and librezlooks.so) from /usr/lib/gtk-2.0/2.4.0 to  /usr/lib/gtk-2.0/2.10.0
  works for me
  Personally, I wouldn't recommend doing that.  Just rebuild rezlooks against gtk2-2.10.x to keep things consistant.
  In this case it's a completely valid solution, as the API between 2.4 and 2.10 hasn't changed for theme engines. The only thing that has changed is filechooser plugins, which is why they bumped.
  The only problem I would have with this solution is that pacman doesn't know about the new files anymore, but if you're hacking around anyways, the filelist in /var/lib/pacman could be updated to match the new location aswell

• IDSM-2 upgrade process questions.

  Hello,
  I started a new job and have been tasked with looking into what we can do with the IDSM-2 module we have in our 6509. The company has not been using the module so it hasn't been updating in a few years. I do not have a current license so I know I cannot install new signature updates, but what I would like to do is upgrade the software to version 7.0(5a)E4. Once I have it upgraded I would like to configure it in our environment and then see about getting a signature license.
  I have a few questions regarding the upgrade process, and could use some assistance.
  First the IDSM is currently running version 5.1(3)S256.0. From what I have read I don't believe I can go directly to 7.0(5a)E4 so my Planned Upgrade Path is: 5.1(3)S256.0 -> 5.1(8)E3 -> 7.0(5a)E4.
  Am I able to upgrade this way or is there another recommended way that I should do this upgrade?
  The files I have for this are below, will they be enough or am I missing any?
  Do I apply them in the order listed?
  Can I apply all of these files from the IDM GUI?
  IPS-K9-5.1-8-E3.pkg
  IPS-engine-E3-req-5.1-8.pkg <--- Is this included in the above file?
  IPS-K9-r-1.1-a-5.1-8-E3.pkg
  IPS-K9-7.0-5a-E4.pkg
  IPS-K9-r-1.1-a-7.0-5a-E4.pkg
  I plan on backing up my configuration first just in case, but should this process have any affect on the configuration?
  I also saw that the upgrade will convert the configuration, so should I back it up a second time between the 5.1(8)E3 and 7.0(5a)E4 step?
  Will there be any effect on network traffic or downtime during this process?
  Is there any thing else I need to be aware of or that I'm missing?
  Thanks in advance,
  Will

  Hi Will. Since you indicated that this sensor has not been in-use, it would be quickest/easiest to simply re-image it directly to the desired version (7.0(5a)E4). Additional benefits of doing this are that the sensor's filesystem will be created clean, OS/binaries cleanly installed, no potential config conversion issues, etc.
  Step-by-step instructions for doing this can be found here.
  And, the System Recovery Image file you will need ('IPS-IDSM2-K9-sys-1.1-a-7.0-5a-E4.bin.gz') can be downloaded here.
  Will there be any effect on network traffic or downtime during this process?
  That depends on whether the sensor is configured in Promiscuous Mode or Inline [VLAN Pair] Mode. You can determine this from the Catalyst config. If the sensor is installed in Inline [VLAN Pair] Mode, then certainly the re-image (and even just upgrade) could be traffic-impacting (if there is no alternative/backup path for traffic to take), as in both scenarios, the sensor is rebooted and not available for ~10 minutes (during which time, it would not be forwarding traffic (if it were installed Inline)). Additionally, since re-imaging results in a clean/default config, if the sensor were configured Inline, that portion of the config would have to be re-input post-reimage so that the sensor would know to forward traffic accordingly again. Details about the modes can be found here.

• AIP-SSM Upgrade Procedure

  Hi everybody!
  I have ASA5520 version 8.2(1) with AIP-SSM-20 module
  and I want to upgrade AIP-SSM-20 software from version 6.1(3)E3 to 7.0(2)E4
  I go to the download site and see the following list:
  Intrusion Prevention System (IPS) Recovery Software:
  IPS-K9-r-1.1-a-7.0-2-E4.pkg
          Release Date: 29/Mar/2010
          IPS Recovery Image File
  Intrusion Prevention System (IPS) Signature Updates:
  IPS-sig-S481-req-E4.pkg
          Release Date: 31/Mar/2010
          E4 Signature Update S481
  Intrusion Prevention System (IPS) System Software:
  IPS-SSM_20-K9-sys-1.1-a-7.0-2-E4.img
          Release Date: 29/Mar/2010
          IPS-SSM_20 System Image File
  Intrusion Prevention System (IPS) System Upgrades
  IPS-K9-7.0-2-E4.pkg
          Release Date: 29/Mar/2010
          IPS 7.0 Major Upgrade File (All Supported Platforms Except AIM-IPS and NME-IPS)
  IPS-engine-E4-req-7.0-2.pkg
          Release Date: 29/Mar/2010
          IPS E4 Engine Update
  I am somewhat confused by the number of files and want to ask what the procedure/sequence I should follow to upgrade?

  This is the file that you would like to use to upgrade it:
  Intrusion Prevention System  (IPS) System Upgrades
  IPS-K9-7.0-2-E4.pkg
  To upgrade:
  1) Upload the "IPS-K9-7.0-2-E4.pkg" file through IDM
  2) IDM --> Configuration --> Sensor Management --> Update Sensor --> choose Update is located on this client --> choose the "IPS-K9-7.0-2-E4.pkg" file --> hit the "Update Sensor" button.
  It will take a while (around 20 minutes) to upgrade the sensor, so don't panic if it doesn't come back up in "UP" status straight away.
  Hope that helps.