Cisco Support Community

IOS IPS Auto-Signature Update Question.

Hello,

I am trying to get my head around IOS IPS after only working with "real" IPS, so I have a question for anyone who is familiar with this.

Normally we have our IPS sensors in the ASA or standalone sensors get signature updates from our management server so that we can test them out before deploying them to our customer devices. When configuring it in the service host section all I have to do is specify the IP address of our management server, the directory the updates are located in, file copy protocol of FTP, and username/password which has access to the directory. Then, when the IPS sensor checks that directory it will update its signature only if a new signature file is in that directory. I do not have to specify a specific signature in my configuration, just the directory.

Last night I was testing this on a 2911 router and tried just specifying the URL as follows but it wasn't working:

url ftp://<IP OF MGMT SERVER>/signature/

The error I got when running debug ip ips auto-update was that the folder or file did not exist on the remote server. When I changed the configuration to specify a specific signature as shown below, though, it worked like a charm.

url ftp://<IP OF MGMT SERVER>/signature/IOS-S772-CLI.pkg

Since we may be managing a few hundred of these devices, it is not feasible to have to specify a specific file for the auto-update feature to work, so my question to the group is how I can just configure the router to check a specific folder and update its signature if there is a new signature package in that folder.

Any help would be appreciated.

Thanks!

Jon.

2 REPLIES

Thank you for the reply, Saurav. That procedure you point to is to update directly from Cisco, which is not the process we want. We always like to test the signatures in our lab first before pushing them out to production devices, which is why we choose to update from a local server.

In the directions from that link it would appear that just putting in the URL to where the signature is located on the local server would be enough. When I did that the update didn't work; however, when I added the file name, with no other change in the URL, the update did work. So I know the URL and username/password combination were all correct.

Any other ideas?

Jon.
