cisco ips link update signature automatically ?

Answered Question
Jul 8th, 2010

Dear all,

I would like to know what address or link we need to update the IPS 4240 signature automatically from Cisco.

Our IPS config shows this link. Is it correct?
Thanks.
Regards,
Budy
Correct Answer by Farrukh Haroon about 3 years 9 months ago

Yes the following should work

https://www.cisco.com/cgi-bin/front.x/ida/locator/locator.pl

Regards

Farrukh

budy@perkom.co.id Thu, 07/08/2010 - 06:29

Thank you so much for your help.

Is the licence only for updating the signature or something else? How about the Anti Virus update?

Should we buy a license if the license is expired, or do we just download a new signature for it?

Please advise.

Thanks.

Best Regards,

Budy

Farrukh Haroon Thu, 07/08/2010 - 06:34

The AV version you see in the 'show version' of your IPS sensor no longer needs to be updated.

It was part of a collaboration between Cisco and Trend Micro that no longer exists; you can safely ignore the AV updates.

Regards

Farrukh

Scott Fringer Thu, 07/08/2010 - 07:16

Please note that Cisco's IPS sensors do not perform DNS resolution for signature updates. The signature auto-update URL must be entered in IP address notation, and not FQDN. You will want:

https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

The double-slash after the IP address is not a typo.

The license key allows for signature updates.  If the license expires you will need to acquire a new license (usually tied to your service contract on the IPS in question) in order to continue updating the IPS signatures.

Scott
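
An added example, not part of Scott's post or of any Cisco tooling: a short Python check that lints configured auto-update URLs against the guidance in this reply (IP-literal host, double slash before `cgi-bin`). The function names and the sensor names in the sample inventory are hypothetical; the URLs are the ones quoted in this thread.

```python
import ipaddress
from urllib.parse import urlsplit


def lint_autoupdate_url(url):
    """Return a list of findings; an empty list means the URL follows the thread's guidance."""
    findings = []
    parts = urlsplit(url.strip())

    if parts.scheme != "https":
        findings.append("scheme is not https")

    # Per the reply above, the sensor does no DNS lookup for signature
    # updates, so the host must already be an IP literal.
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        findings.append(f"host {host!r} is not an IP literal")

    # Per the reply above, the path is entered with a leading double slash.
    if not parts.path.startswith("//"):
        findings.append("path does not start with a double slash")

    return findings


def audit(inventory):
    """Map each sensor name to its findings, keeping only sensors with problems."""
    report = {}
    for sensor, url in inventory.items():
        findings = lint_autoupdate_url(url)
        if findings:
            report[sensor] = findings
    return report


# Constructed inventory: sensor names are made up, URLs are from this thread.
SAMPLE = {
    "ips-a": "https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl",
    "ips-b": "https://www.cisco.com/cgi-bin/front.x/ida/locator/locator.pl",
    "ips-c": "https://198.133.219.25/cgi-bin/front.x/ida/locator/locator.pl",
}

if __name__ == "__main__":
    for sensor, findings in audit(SAMPLE).items():
        print(sensor, "->", "; ".join(findings))
```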

Farrukh Haroon Thu, 07/08/2010 - 07:22

Thanks for the correction Scott.

I totally forgot about that, as I got that URL from MARS.

Regards

Farrukh

DanielQan Thu, 07/08/2010 - 19:46

Umm, I tried to access both links..

I could access the page using the link with one slash (https://198.133.219.25/cgi-bin/front.x/ida/locator/locator.pl), but I couldn't access the page using the link with two slashes (https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl) with the error message: "The Page you requsted is not available".

So, which one is the correct one?

Is the license only needed for automatically updating the intrusion signatures (not including firmware/engine updates)?

Approximately how often are signature updates released by Cisco?

Regards,

Daniel

Farrukh Haroon Thu, 07/08/2010 - 20:16

Hello Daniel

The URL with double slashes should be used. This most probably has something to do with reserved characters in LINUX/Cisco IPS and the double slash is used to represent a single slash only. Since you are testing it in your non-unix browser, you have to put only one slash.

Service Packs and Software upgrades do not require a valid license in order to be installed on the sensor. However, signature updates require a valid license to be installed on the sensor prior to installation.

Regards

Farrukh

DanielQan Thu, 07/08/2010 - 20:39

Hello Farrukh,

Thanks for the reply.

Is the link auto-generated ?

If the license is only used for updating the signature, and we must update the firmware manually, what is the advantage of buying the license renewal for a customer who could update his signatures manually when he has smartnet coverage (ID for downloading the signature from Cisco.com)?

Regards,

Daniel

Farrukh Haroon Thu, 07/08/2010 - 20:48

The link is static and not auto-generated (If I understood your question correctly).


There is no smartnet for IPS boxes. You have to purchase something called 'Cisco Services for IPS', which is basically Smartnet + Signature Updates bundled into a single support offering.

The license cost is associated with the signature updates; because keeping up with the emerging threats and creating the associated signatures requires a lot of effort from Cisco. The license has nothing to do with manual or auto updating.  This is solely as per the security/business requirement of the end-user. The Cisco IPS does however provide both options (manual or auto), one may choose whichever method is more suitable. Irrespective of the method you choose, you would need to have a valid license installed to download and install sig. updates.

Regards

Farrukh

hiyou08@yahoo.com Fri, 01/20/2012 - 18:51

Dear Farrukh,

I have a problem with my IPS. My IPS does not update the signature and engine.

How can I solve it?

Thanks for your support.

Regards,

Hak

Farrukh Haroon Sat, 01/21/2012 - 00:25

Please provide more details about your scenario:

> Did the problem appear now, or did they never work?

> Is Internet connectivity functional?

> Is DNS functional on the box?

> What is the URL you are using?

> Do you have a proxy-server based access?

etc.


Regards

Farrukh

seg.cecred Wed, 07/25/2012 - 05:05

Hello All

I updated my IPS to last version and last signature. It was 5 days ago.

Well, I configured Autoupdate with the URL that was in the device, by default. I put my cisco login and schedule.

I check the autoupdate info and it shows Last Directory and Next Attempt.

Last Download and Last Install shows N/A.

URL below:

https://72.163.4.161//cgi-bin/front.x/ida/locator/locator.pl

Why doesn't the update work? How can I see a log for it?

Thanks anyway

Diego

This Discussion

Posted July 8, 2010 at 2:15 AM