IPS signature question

Unanswered Question
Aug 4th, 2010
User Badges:
  • Green, 3000 points or more

Hi,


I have an IPS sensor 4255 and the signature version is pretty old. They don't have automatic update available yet.

I am trying to update the signature manually to the latest version but it does not work.


Current signature version: 463.0

Trying to install: S504


Question:

From IDM, Configuration, Sensor Management, Licensing is where I'm trying to manually update the signature.

I was able to update the image but not the signature.

What are the differences between E3/E4 Signature updates?


If someone could help I'll appreciate it!


Thank you,


Federico.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rhermes Wed, 08/04/2010 - 12:22
User Badges:
  • Gold, 750 points or more

If you sucessfully updated your image to E4 you sould be able to update your signatures.

Unless you do not have a valid license installed on the sensor.

Without a license you can still install software upgrades (that also include signature updates), but you can;t install the signature updates.


Each sensor can have a one-time 60 day trial license that will allow you to update your signatures (for 60 days).


- Bob

Federico Coto F... Wed, 08/04/2010 - 12:34
User Badges:
  • Green, 3000 points or more

Thank you very much, my last question I guess is:

How do I check that the IPS has a valid license that allow signature updates?


Federico.

rhermes Wed, 08/04/2010 - 12:36
User Badges:
  • Gold, 750 points or more

the "show version" command:


4240# sh ver
Application Partition:


Cisco Intrusion Prevention System, Version 7.0(1)E3


Host:
    Realm Keys          key1.0
Signature Definition:
    Signature Update    S478.0                   2010-03-15
    Virus Update        V1.4                     2007-03-02
OS Version:             2.4.30-IDS-smp-bigphys
Platform:               IPS-4240-K9
Serial Number:          JMX1028K245
Licensed, expires:      20-Sep-2010 UTC

...

Federico Coto F... Wed, 08/04/2010 - 12:47
User Badges:
  • Green, 3000 points or more

I'm obviously doing something wrong because I cannot update signatures, check the sh ver:


ips-outside# sh ver
Application Partition:

Cisco Intrusion Prevention System, Version 7.0(1)E3

Host:
    Realm Keys          key1.0
Signature Definition:
    Signature Update    S463.0                   2010-01-21
    Virus Update        V1.4                     2007-03-02
OS Version:             2.4.30-IDS-smp-bigphys
Platform:               IPS-4255-K9
Serial Number:          JMX1325L0M1
Licensed, expires:      05-Sep-2010 UTC
Sensor up-time is 1:49.
Using 1887719424 out of 3974139904 bytes of available memory (47% usage)
system is using 16.5M out of 38.5M bytes of available disk space (43% usage)
application-data is using 45.4M out of 166.8M bytes of available disk space (29% usage)
boot is using 40.6M out of 68.6M bytes of available disk space (62% usage)
application-log is using 494.0M out of 513.0M bytes of available disk space (96% usage)


MainApp            B-BEAU_2009_APR_18_08_00_7_0_1   (Release)   2009-04-18T08:05:25-0500   Running
AnalysisEngine     B-BEAU_2009_APR_18_08_00_7_0_1   (Release)   2009-04-18T08:05:25-0500   Running
CollaborationApp   B-BEAU_2009_APR_18_08_00_7_0_1   (Release)   2009-04-18T08:05:25-0500   Running
CLI                B-BEAU_2009_APR_18_08_00_7_0_1   (Release)   2009-04-18T08:05:25-0500

Upgrade History:

* IPS-sig-S462-req-E3       03:00:22 UTC Thu Jan 21 2010
  IPS-sig-S463-req-E3.pkg   12:00:25 UTC Fri Jan 22 2010

Recovery Partition Version 1.1 - 7.0(1)E3

Host Certificate Valid from: 06-Aug-2009 to 07-Aug-2011


Federico.

rhermes Wed, 08/04/2010 - 13:12
User Badges:
  • Gold, 750 points or more

All the new signature releases require an E4 release of software.

Install 7.xE4 and then you can update your sigs.


- Bob

Actions

This Discussion