Cisco Support Community

Incremental IPS signatures maintenance

Hello.

What is the recommended way to maintain all incremental IPS signature files created from periodic signature updates? I noticed my small 880 series routers (yeah, I use the cheap IOS IPS) restart the IPS engine for each and every incremental file available; since each restart takes close to a minute, it takes forever to return a router to its working state after any extended power outage, when you have, let's say, a couple of months' worth of signature updates (from S638 to S725).

Should I clear the IPS and restart it from scratch using the latest pkg/zip combo as found on SDM, just use the pkg file via CLI, or is there any command I could use to maybe merge all those incremental files?

Any suggestions are welcome.

Thanks and regards,

Alex

2 REPLIES

Incremental IPS signatures maintenance

Hello Alexandre,

I would actually recommend always staying on the latest version. For that, you could get the package manually, as you said, or go ahead and configure auto-signature update.

For Networking Posts check my blog at http://www.laguiadelnetworking.com/category/english/

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Incremental IPS signatures maintenance

Hi Julio.

The problem is not staying on the latest version - which is what I do. The problem, actually, is I am avoiding a "reinstall" of the IPS feature. As said, there are 50+ "iosips-sig-default-SXXX.xmz" incremental files in my flash:ips/ folder. Since last year updating via SDM was the only available option; by S648 Cisco stopped publishing new .pkgs and at that time I had plenty of dead routers, literally out of any recovery, because of the combo IOS 15.0M and auto-updates (please read http://tools.cisco.com/security/center/viewBulletin.x?bId=464&year=2012). I have recently opened a new TAC and, after some internal testing, they resumed publishing .pkg files again.

Auto signature update is not an option since then, so the only way to be back on track was using SDM. That and a manual change control process helped, but again, it is a freakin' time-consuming process, not only to deploy signatures but also to recover routers back after power loss. Hence my latest TAC.

Having said that, I was wondering if, by applying the latest .pkg via CLI ("copy IOS-SXXX-CLI.pkg idconf") I could get rid of all those "iosips-sig-default-SXXX.xmz" files and reduce my effective reload times back to less than an hour. If there is no other way to reuse currently deployed sig files, I guess I should plan to clear and reapply IPS feature from the current .pkg file. That will be fun... *sigh*

Thanks,

Alex
