Cisco Employee

AIP SSC and SSM having issues with the changes being made to the default configuration.

We began some larger signature retirements as of s612 (which you've probably already noticed) and have continued retiring in each successive release. Each release is tested on a heavily loaded lower capacity sensor before publishing the update to CCO for download.

Just wanted to make you all aware that we've seen a few cases, under certain conditions, where the sensor is hitting a high memory mark and may not apply the changes during a signature update. However, after a restart of the sensor, all the changes are in effect.

Specifically, we've seen a few instances where the SSC-5 and the SSM-10, which are the two smallest capacity IPS cards for the ASA, were unable to complete an update when starting at either 6.2(4)e4 or 7.0(6)e4 s549, then jumping up to s614 and s615. These were an application image recovery and then an immediate attempt to update to the most current signature update level. This is jumping 60+ signature update levels, with some large configuration changes happening after s611, on one of the two smallest AIP cards for the ASA.

To avoid the out of memory issues when updating signature levels, we're recommending updating to s611 in smaller increments and then applying s612 and each subsequent release in order, one at a time, until the most recent signature update level is reached.
