Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Editing the IPS config on the desktop and SCP/FTP it back up to the blade

After FTP/SCP/SFTP'ing down an IPS 6.x blade config, is there a way to edit it on the desktop and FTP/SCP/SFTP it back up? If that is possible, what editor can be used for editing the file in its' native format? What is the IPS config file type (txt, xml, CRLF)?

Cisco Employee

Re: Editing the IPS config on the desktop and SCP/FTP it back up

When you use the "copy" command to copy the config to a server it will be copied in a text format.

Any text editor can be used to modify the file.

But be very carefull when making modifications. Any mistakes in editing can prevent large sections of the configuration from being used.

You also can NOT just copy the contents of the configuraiton file, and paste them into a CLI session.

When doing commands in the CLI there are some interactive commands that require answers by the user.

You CAN, however, use the Copy command to copy them from your server back into the sensor.

When using the Copy comand the CLI assumes yes answers to questions that would normaly be interactive when run on the CLI.

NOTE: The configuration on the device itself is in an XML format. But when using the Copy command to copy out the config it is copied out as simple CLI command text. And when copied back in it is copied in as text, and then dynamically converted into the specific XML format for storage on the device itself.

If you are dealing with multiple sensors all needing the exact same configuration there is a new feature in the latest sensor version that may be of interest.

You make the edits in one sensor (using CLI or IDM, or IME).

Then copy the config to your server.

Then use the copy command on the other sensors to copy the config from your server.

The copy command will prompt you whether or not to change the host information of the sensor (IP, etc..).

If you say no, then it will copy in the other configuraiton but leave the host information (IP, etc..) the same.

This makes it easy to copy the configuration from one device to another while still keeping separate identities for the devices.

CreatePlease to create content