I am trying to get my head around IOS IPS after only working with "real" IPS, , so I have a question for anyone who is familiar with this.
Normally we have our IPS sensors in the ASA or standalone sensors get signature updates from our management server so that we can test them out before deploying them to our customer devices. When configuring it in the service host section all I have to do is specify the IP address of our management server, the directory the updates are located in, file copy protocol of FTP, and username/password which has access to the directory. Then, when the IPS sensor checks that directory it will update it's signature only if a new signature file is in that directory. I do not have to specify a specific signature in my configuration, just the directory.
Last night I was testing this on a 2911 router and tried just specifying the the URL as follows but it wasn't working:
The error I got, when running debug ip ips auto-update was that the folder or file did not exist on the remote server. When I changed the configuration to specify a specific signature as shown below, though, it worked like a charm.
url ftp://<IP OF MGMT SERVER>/signature/IOS-S772-CLI.pkg
Since we may be managing a few hundred of these devices it is not feasible to have to specify a specific file for the auto-update feature to work so my question to the group is how I can just configure the router to check a specific folder and update its signature if there is a new signature package in that folder.
Thank you for the reply Saurav. That procedure you point to is to update directly from Cisco which is not the process we want. We always like to test the signatures in our lab first before pushing them out to production devices which is why we choose to update from a local server.
In the directions from that link it would appear that just putting in the URL to where the signature is located on the local server would be enough. When I did that the update didn't work however when I add the file name, no other change in the URL, the update did work. So I know the URL and Username/Password combination were all correct.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :