Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

IDSM2 license upgrade issue

Hi folks,

i have to buy IPS license for my 2 IDSM-2 mosules in order to upgrade them from IDS to IPS.

I take a look to Cisco pricing list and i found 2 software code and i don't know what is the correct one: could you help me ?

1)CON-SU1-WS-IDS2K9

2)CON-SU1-WSIDSXLK9

3)CON-SU1-WIDSBNK9

What is the difference between them ?

I need to purchase IPS license for my IDSM-2 and signature update.

Thanks in advance,

regards,

MArco

1 REPLY
Silver

Re: IDSM2 license upgrade issue

You can apply the IPS-sig-S202-minreq-5.0-1.pkg Signature Update and all following signature updates to all 5.0(x) versioned sensors as well as the newly released 5.1(1) version.

These signature updates contain new signature definition parameters to support the new version 5.1(1) sensors. These new signature definition parameters are also seen on version 5.0(x) sensors, but are ignored if configured on version 5.0(x) sensors.

The sensorApp binary on the 5.0(x) sensors is updated during the signature update so that the new sensorApp can read in, and properly ignore those new signature update parameters. This was done so that a single IPS signature update file can be used across all version 5.x sensors.

The new signature definition parameters have been added in version 5.1(1) and are ignored if configured on version 5.0(x) sensors. Any signatures requiring these parameters do trigger on version 5.0(x) sensors.

Be aware of the following installation caveats:

You can apply the IPS-sig-S202-minreq-5.0-1.pkg Signature Update and all following signature updates to version 5.0(1), 5.0(2), 5.0(3), 5.0(4), 5.0(5), and 5.1(1) sensors.

However if you apply any of the signature updates to a 5.0(1) sensor, then you should not upgrade to the 5.0(2) or 5.0(3) Service Packs. Similarly, if you apply the signature update to a 5.0(2) sensor, you should not upgrade to the 5.0(3) Service Pack. The 5.0(2), and 5.0(3) Service Pack installations scripts do not carry forward the new sensorApp binary (CSCsb49911). Upgrading to 5.0(2) or 5.0(3) results in sensorApp generating errors while trying to read the new configuration, and prevents sensorApp from monitoring for attacks. For this reason the 5.0(2) and 5.0(3) Service Packs have been removed from CCO.

If you apply the signature update to a 5.0(1) sensor, you should upgrade to either 5.0(4) or 5.0(5) Service Packs, or 5.1(1) Minor Update. They do not have the CSCsb49911 issue.

229
Views
0
Helpful
1
Replies
CreatePlease to create content