IPS 6.0 Supported FTP Server??

Unanswered Question
Feb 10th, 2009

Hi,is it true that we can only use supported ftp servers that are documented in cisco for updating ips signatures or image?

###cisco ips 6.x document ####

The following FTP servers are supported for IPS software updates:

• WU-FTPD 2.6.2 (Linux)

• Solaris 2.8

• Sambar 6.0 (Windows 2000)

• Serv-U 5.0 (Windows 2000)

• MS IIS 5.0 (Windows 2000)

can we use ordinary ftp servers other than ftp servers listed above?? thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
marcabal Wed, 02/11/2009 - 07:02

When originally implemented the ftp auto update feature had several problems when using other ftp servers.

The implementation has changed over the past few years, and become more generalized.

So the listed FTP Servers are the ones "officially" tested and supported.

However, it should work with most other FTP servers as well.

I would recommend trying it with whatever FTP server you already have running. If it works then great; you are probably fine to keep using it.

If it doesn't work with your FTP server, then you can contact the TAC. If it turns out to be an incompatability between the sensor and your FTP server, then the issue would have to be entered as an enhancement request to get your FTP server supported rather than an actual bug.

We used to hear alot of incompatability problems with other FTP servers a few years ago.

But I haven't heard of any in the past 2 years.

If it is not working, then it is usually not a problem with the actual FTP server, but rather in how it was configured.

Here are a few examples of issues that are sometimes seen, and can be avoided with configuration of the FTP server.

Additional login messages can sometimes confuse the sensor (like warnings about who can access the box).

The FTP server has to be configured to use unix style directory listings instead of windows style.

Permissions on the files themselves can be a problem.

Renaming of the files after being pulled from cisco.com can cause problems, so keep the filenames exactly as seen on the cisco.com pages.

Keep directory names to letters and numbers to avoid parsing problems with the directory name.


This Discussion