IOS IPS Signature-File

Imran Ahmad
Level 2

Hi Guys,


We have recently purchased a Cisco ISR 2921, and in its docs it is written that this product has a license for the IOS IPS Signature File, but on the product's flash memory there is no IOS IPS sig-file, and when I try to download the sig-file from Cisco, it fails.

Can anyone tell me whether there is an alternate way to download the sig-file?


The ISRs can run IPS (which is stated in the docs), but you need the "Services for IPS" which is an additional license. Do you have that? You can control that with the command:

show ip ips license

I forgot one thing: Which IOS-version are you running? The requirements depend on the version.

Message edited by Karsten Iwen

ISR2921#sho ip ips license
IPS License Status:             Not Required
        Current Date:           Jul 14 2012
        Expiration Date:        Not Available
        Extension Date:         Not Available
        Signatures Loaded:      Not Available   S0.0
        Signature Package:      Not Available   S0.0

-------

Sho ver output >> Version 15.1(4)

OK, how did you try to download the signatures? With auto-update on the router from cisco.com? Have you imported the cisco.com public key?

An alternative is to download directly from cisco.com and to import the file into the router:

http://www.cisco.com/cisco/software/navigator.html?mdfid=281442967

Yes, I tried to download with auto-update from the router itself, but I didn't import the public key. I tried to find and import the public key but I could not find it. Can you instruct me on how to import the public key?

When I opened the link you sent me for downloading the sig-file directly from cisco.com, it gave an error message as below:

The download process was interrupted.Please restart the download process. If you continue to see this message, contact Cisco support at web-help@cisco.com.

When I click on the link you sent above I get the following error message. I don't have a CCO account at cisco.com.

Forbidden File or Application

The file or application you are trying to access may require additional entitlement or you are trying to access a file with an invalid name. Additional entitlement levels are granted based on a users relationship with Cisco on a per-application basis.

If you feel you have reached this page in error, please try one of the following methods to locate your document:

  1. If you are manually entering the URL into your browser location bar, be sure to include the file name of the page you are trying to access (file names typically end in .htm, .html or .shtml).
  2. Use the Search feature located in the upper right section of this page.
  3. Return to the Cisco.com Home or select a primary site area from the top navigation bar.
  4. Consult with your Cisco Account Manager to confirm you have the appropriate entitlement to access this page.

If you would like to contact someone about this problem, please click on the Contacts & Feedback link below.

Back

For download you need a valid cco-account. Ask your cisco-partner where you bought the router. They can assist you in creating the account and attach the needed download-rights.

OK, thanks. Can you tell me what the latest IOS IPS Signature-File version is? Is it S636 or how?

I am asking this question because the Cisco partner from whom we purchased the router has given us this version of the IPS sig-file and says that this is the latest version.

That's right. For IOS-IPS it's the latest version.

OK, I downloaded the IOS IPS file into my router, and it is enabled now. But when I check the enabled signatures, it shows only 923 enabled signatures on my router.

Can't I download more signatures and update my router's IPS signatures? Do I need any extra license for doing this, or how? Please instruct.

900 active signatures is quite a lot for a system that has no dedicated IPS resources.

But you can control which and how many signatures get enabled on your router:

In the following example I first disable all signatures and enable the ones for web servers. So just decide which signatures you need. But don't forget to monitor your router resources.

gw#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
gw(config)#ip ips signature-category
gw(config-ips-category)#?
IPS signature category configuration commands:
  category  Category keyword
  exit      Exit from Category Mode
  no        Negate or set default values of a command
gw(config-ips-category)#category ?
  adware/spyware                Adware/Spyware (more sub-categories)
  all                           All Categories
  attack                        Attack (more sub-categories)
  configurations                Configurations (more sub-categories)
  ddos                          DDoS (more sub-categories)
  dos                           DoS (more sub-categories)
  email                         Email (more sub-categories)
  instant_messaging             Instant Messaging (more sub-categories)
  ios_ips                       IOS IPS (more sub-categories)
  l2/l3/l4_protocol             L2/L3/L4 Protocol (more sub-categories)
  network_services              Network Services (more sub-categories)
  os                            OS (more sub-categories)
  other_services                Other Services (more sub-categories)
  p2p                           P2P (more sub-categories)
  reconnaissance                Reconnaissance (more sub-categories)
  releases                      Releases (more sub-categories)
  specially_licensed_signature  Specially Licensed Signature (more sub-categories)
  telepresence                  TelePresence (more sub-categories)
  uc_protection                 UC Protection (more sub-categories)
  viruses/worms/trojans         Viruses/Worms/Trojans (more sub-categories)
  web_server                    Web Server (more sub-categories)
gw(config-ips-category)#category all
gw(config-ips-category-action)#retire true
gw(config-ips-category-action)#exit
gw(config-ips-category)#category web_server
gw(config-ips-category-action)#?
Category Options for configuration:
  alert-severity   Alarm Severity Rating
  enabled          Enable Category Signatures
  event-action     Action
  exit             Exit from Category Actions Mode
  fidelity-rating  Signature Fidelity Rating
  no               Negate or set default values of a command
  retired          Retire Category Signatures
gw(config-ips-category-action)#retired false
gw(config-ips-category-action)#exit
gw(config-ips-category)#exit
Do you want to accept these changes? [confirm]
gw(config)#
gw(config)#exit
gw#sh ip ips configuration | s IPS Signature Status
IPS Signature Status
    Total Active Signatures: 131
    Total Inactive Signatures: 4370
gw#

I didn't follow the thread and answered your first post to have fewer line breaks in this post.
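
A way to keep the active signature count in check after tuning categories as in the reply above, added here as an example and not part of the original thread: it parses the two `show ip ips` outputs quoted in this thread and flags a missing signature package or an active-signature count above a budget. The function names, the `max_active` budget and the reading of `S0.0` as "nothing loaded" are assumptions.

```python
import re

# Output copied from the thread (blank lines removed): the ISR2921 before any
# signature file was loaded, and the gw router after retiring all categories
# except web_server.
LICENSE_OUTPUT = """\
IPS License Status:             Not Required
        Current Date:           Jul 14 2012
        Expiration Date:        Not Available
        Extension Date:         Not Available
        Signatures Loaded:      Not Available   S0.0
        Signature Package:      Not Available   S0.0
"""
STATUS_OUTPUT = """\
IPS Signature Status
    Total Active Signatures: 131
    Total Inactive Signatures: 4370
"""


def parse_fields(text):
    """Map 'Key: value' lines of IOS show output to a dict, skipping headers."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields


def audit_ips(license_text, status_text, max_active):
    """Return findings; max_active is a site-chosen budget, not a Cisco limit."""
    lic, sta = parse_fields(license_text), parse_fields(status_text)
    findings = []
    # Assumption: a package version of S0.0 (or none) means nothing is loaded,
    # as on the router in the thread that had no sig-file in flash.
    pkg = re.search(r"S(\d+)\.\d+$", lic.get("Signature Package", ""))
    if pkg is None or int(pkg.group(1)) == 0:
        findings.append("no signature package loaded")
    active = sta.get("Total Active Signatures", "")
    if not active.isdigit():
        findings.append("active signature count not found")
    elif int(active) > max_active:
        findings.append(f"{active} active signatures exceed budget of {max_active}")
    return findings
```
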

OK, thanks for your instruction.

If I want to update my signature database to get the new updates, do I need to have a separate license for it, or can I download new updates normally?

I think a CCO account is required for updating the IPS Signature-File. Am I right?

Yes you do need a CCO account. Go ahead and sign up for one. You don't need any additional access for the CCO account.
