Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Downgrade IPS ver5.0(2)S152.0 to 4.1

Hi, we have an issue with our client's IDS4215 presently it is using v5.0 but the customer prefer to downgrade to 4.1, which image/service pack should I download first?


Cisco Employee

Re: Downgrade IPS ver5.0(2)S152.0 to 4.1

To re-image back to 4.1 they will need to reboot and break into the bootup by hitting Ctl-r during the rommon init. This will bringup a rommon prompt where they will need to set:



FILE IDS-4215-K9-sys-4.1-4-S91a.img

Then issue the command "tftp" and the sensor will re-image to 4.1.4.

However, sigupdate support for 4.1.x and 5.0.x ends this Month (end of Sept). They would be better off upgrading to 5.1.3 (the latest service pack release).

Cisco Employee

Re: Downgrade IPS ver5.0(2)S152.0 to 4.1

I believe that to downgrade you would need to reimage. I would recommend upgrading to 5.1(3) instead. Signature support 4.x and 5.0 is scheduled to end on Sept. 29th.

For the safest, smoothest upgrades, reset the signatures to their default settings and remove any custom signatures prior to upgrading. The low memory sensors (4210, 4215, NM-CIDS) can run out of memory during upgrades or reboots if to many signatures are tuned. Tuned is usually unretiring and enabling "retired signatures" or creating a bunch of custom signatures or custom signatures with poor regular expressions.

Community Member

Re: Downgrade IPS ver5.0(2)S152.0 to 4.1

TY guys, btw I have further clarifications since Cisco suggests to go to 5.1(3) instead of goin' back to 4.1 my questions are: will 5.1(3) can be added to VMS 2.3? based on the info given below what will be the upgrade path to 5.1(3)? does the 4215 requires memory upgrade prior to image upgrade?

Pls do reply asap. TIA.

IDS4215# sho ver

Application Partition:

Cisco Intrusion Prevention System, Version 5.0(2)S152.0

OS Version 2.4.26-IDS-smp-bigphys

Platform: IDS-4215

Serial Number: 88810241195

No license present

Sensor up-time is 25 days.

Using 243863552 out of 460161024 bytes of available memory (52% usage)

system is using 17.3M out of 29.0M bytes of available disk space (59% usage)

application-data is using 28.7M out of 166.8M bytes of available disk space (18% usage)

boot is using 40.5M out of 68.6M bytes of available disk space (62% usage)

application-log is using 531.1M out of 2.8G bytes of available disk space (20% usage)

MainApp 2005_Mar_04_14.23 (Release) 2005-03-04T14:35:11-0600 Running

AnalysisEngine 2005_Mar_29_16.33 (Release) 2005-03-29T16:45:11-0600 Running

CLI 2005_Mar_04_14.23 (Release) 2005-03-04T14:35:11-0600

Upgrade History:

IDS IDS4215#

-K9-sp-5.0-1.2- 09:00:00 UTC Thu Mar 17 2005

Recovery Partition Version 1.1 - 5.0(2)

Cisco Employee

Re: Downgrade IPS ver5.0(2)S152.0 to 4.1

IPSMC 2.2 will support a 5.1.3 sensor. You do not need a memory upgrade - the 512 Meg memory is enough to run 5.1.3 on your 4215 sensor. You could have memory issues if you unretired many sigs and enabled them, but based on the show ver you provided you seem to have a reasonable sig config. You will need a license for signature upgrades.

Here is your upgrade path from where you are (5.0.2):

1) upgrade to 5.1.1 (IPS-K9-min-5.1-1g.pkg)

2) upgrade to 5.1.3 (IPS-K9-sp-5.1-3.pkg)

3) install license

4) upgrade to latest sigupdate pkg

CreatePlease to create content