Engine E2 Question

Answered Question
May 6th, 2008
User Badges:

Dear Sir/Madam,


I manage four Cisco IPS sensors SSM-20. I am currently running 6.0(3) E1 and do not particularly want to upgrade to 6.0(4) because of the following;


CSCsm60273 AIP-SSM stays in Unresponsive state after ASA5500's bootup


I have a number of power downs this year but need to continue to install signature updates but will be unable to if I do not upgrade to 6.0(4) E2 as per your comment below,


Warning: After E2 is released, your sensors must be running release 5.1(7)E2 or 6.0(4)E2 to continue to install signature updates.


I would prefer to stay on 6.0(3) and upgrade to E2 (as this version is eligibale for engine upgrade) and wait until caveat CSCsm60273 is resolved - hopefully in 6.0(5)but I then will not be able to apply the signature updates.


Please can you assist me?

Thanks in advance for your time.

Rich,


Correct Answer by marcabal about 8 years 11 months ago

The E2 release date is still subject to change.


A rough guess would be sometime in June; so you would still have a few weeks to schedule your upgrade to 6.0(4).


BUT keep in mind that there is always the small possibility of something unexpected happening. If a new vulnerability were to be announced that could only be monitored with a new engine, then E2 could be released sooner on an emergency basis. Nobody is expecting this to happen, but just wanted to be clear that the very small possibility always exists.


Correct Answer by marcabal about 8 years 11 months ago

Understand that CSCsm60273 is not specific to 6.0(4). It can also happen with the 6.0(3) you are already running and likely earlier versions as well.


It will also not be fixed in 6.0(5).

Instead it has been determined to be a bug in the ASA/Rommon and not in the IPS image.

So it can not be fixed in 6.0(5), and instead needs a new ASA and/or Rommon to get the fix.


So this bug should not affect your decision on whether or not to upgrade to 6.0(4).


As for E2 understand that 6.0(3) is NOT elligible for upgrade to E2. E2 will only be created for 6.0(4).


The 6.0(3) elligibility for E2 ran out at the end of April.


The signature policy states "b) Signature update support for service packs of currently supported major and minor software releases will be supported for at least sixty (60) days following the introduction of a new service pack."


So 6.0(3) was fully supported for signature updates (and therefore engine updates) for 60 days after 6.0(4) released.

6.0(4) released at the end of February so 6.0(3) support was only guaranteed for 60 days which was the end of April.


Now in May there is no longer any guarantee of signature support (or engine updates) for 6.0(3).


So long as E2 has not released you can still install the E1 signature updates on any E1 sensor (including 6.0(3)E1). But when E2 is released it will only support 6.0(4). It will not support 6.0(3) because when E2 releases it will have been more than 60 days since 6.0(4) was released.


NOTE: E2 will also support the latest service pack on the 5.1 train which is 5.1(7).


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
marcabal Wed, 05/07/2008 - 06:56
User Badges:
  • Cisco Employee,

Understand that CSCsm60273 is not specific to 6.0(4). It can also happen with the 6.0(3) you are already running and likely earlier versions as well.


It will also not be fixed in 6.0(5).

Instead it has been determined to be a bug in the ASA/Rommon and not in the IPS image.

So it can not be fixed in 6.0(5), and instead needs a new ASA and/or Rommon to get the fix.


So this bug should not affect your decision on whether or not to upgrade to 6.0(4).


As for E2 understand that 6.0(3) is NOT elligible for upgrade to E2. E2 will only be created for 6.0(4).


The 6.0(3) elligibility for E2 ran out at the end of April.


The signature policy states "b) Signature update support for service packs of currently supported major and minor software releases will be supported for at least sixty (60) days following the introduction of a new service pack."


So 6.0(3) was fully supported for signature updates (and therefore engine updates) for 60 days after 6.0(4) released.

6.0(4) released at the end of February so 6.0(3) support was only guaranteed for 60 days which was the end of April.


Now in May there is no longer any guarantee of signature support (or engine updates) for 6.0(3).


So long as E2 has not released you can still install the E1 signature updates on any E1 sensor (including 6.0(3)E1). But when E2 is released it will only support 6.0(4). It will not support 6.0(3) because when E2 releases it will have been more than 60 days since 6.0(4) was released.


NOTE: E2 will also support the latest service pack on the 5.1 train which is 5.1(7).


Correct Answer
marcabal Wed, 05/07/2008 - 07:30
User Badges:
  • Cisco Employee,

The E2 release date is still subject to change.


A rough guess would be sometime in June; so you would still have a few weeks to schedule your upgrade to 6.0(4).


BUT keep in mind that there is always the small possibility of something unexpected happening. If a new vulnerability were to be announced that could only be monitored with a new engine, then E2 could be released sooner on an emergency basis. Nobody is expecting this to happen, but just wanted to be clear that the very small possibility always exists.


DSmirnov Wed, 05/07/2008 - 07:35
User Badges:

Sorry if I missed it but what about 6.1? Will E2 be supported on one?

marcabal Wed, 05/07/2008 - 07:59
User Badges:
  • Cisco Employee,

Yes E2 will support 6.1(1).


Actions

This Discussion