Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPS 4240 Engine upgradation procedure from E3 to E4

Hi All,

Can someone help me to how to upgrade IPS 6.0(1) E1 to 7.0(2) E4.

What are images need to upgrade for this?

What is the proper procedure for upgradation?

Below is the show version results for your reference...

========================================

Cisco-IPS#

Cisco-IPS# sh ver
Application Partition:

Cisco Intrusion Prevention System, Version 6.2(1)E3

Host:
    Realm Keys          key1.0
Signature Definition:
    Signature Update    S479.0                   2010-03-19
    Virus Update        V1.4                     2007-03-02
OS Version:             2.4.30-IDS-smp-bigphys
Platform:               IPS-4240-K9
Serial Number:          JMX1244L0PK
Licensed, expires:      31-Dec-2010 UTC
Sensor up-time is 211 days.
Using 1439252480 out of 1984552960 bytes of available memory (72% usage)
application-data is using 44.0M out of 166.8M bytes of available disk space (28% usage)
boot is using 39.7M out of 68.6M bytes of available disk space (61% usage)


MainApp          E-2008_OCT_16_16_24   (Release)   2008-10-16T16:40:57-0500   Running
AnalysisEngine   E-2008_OCT_16_16_24   (Release)   2008-10-16T16:40:57-0500   Running
CLI              E-2008_OCT_16_16_24   (Release)   2008-10-16T16:40:57-0500

Upgrade History:

* IPS-sig-S465-req-E3       23:00:43 UTC Thu Jan 28 2010
  IPS-sig-S479-req-E3.pkg   00:05:37 UTC Wed Apr 07 2010

Recovery Partition Version 1.1 - 6.2(1)E3

Host Certificate Valid from: 17-Nov-2008 to 18-Nov-2010

Cisco-IPS#

Cisco-IPS#

=================================

Regards,

Anuj Pratap

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Re: IPS 4240 Engine upgradation procedure from E3 to E4

No, do not perform system reimage (IPS-4240-K9-sys-1.1-a-7.0-2-E4.img), that would wipe out all your configuration.

Just perform the upgrade using this upgrade file: IPS-K9-7.0-2-E4.pkg, and that would automatically upgrade it to 7.0.2(E4).

12 REPLIES
Super Bronze

Re: IPS 4240 Engine upgradation procedure from E3 to E4

From the show version output, it says the version is 6.2(1)E3, so you can upgrade it directly to version 7.0.2(E4) using the following upgrade file: IPS-K9-7.0-2-E4.pkg

You can just use IDM to load the software from your desktop, and it will upload the upgrade file to the IPS and reload the appliance automatically.

New Member

Re: IPS 4240 Engine upgradation procedure from E3 to E4

Should i need to upgrade IPS image 1st (IPS-4240-K9-sys-1.1-a-7.0-2-E4.img) and then upgrade to Engine (IPS-engine-E4-req-7.0-2.pkg)???

Or just need (IPS-K9-7.0-2-E4.pkg) file to upgrade and both image and Engine will upgrade. Please confirm.

Super Bronze

Re: IPS 4240 Engine upgradation procedure from E3 to E4

No, do not perform system reimage (IPS-4240-K9-sys-1.1-a-7.0-2-E4.img), that would wipe out all your configuration.

Just perform the upgrade using this upgrade file: IPS-K9-7.0-2-E4.pkg, and that would automatically upgrade it to 7.0.2(E4).

Re:IPS 4240 Engine upgradation procedure from E3 to E4

Hi Halijenn,

I have upgraded my IPS 4260 with below engine file(IPS-engine-E4-req-7.0-2.pkg) only. as per the cisco cocument (Refrence below with link).But now it is not showing Virus Update in sh version.  Please help.

IPS1# sh ver
Application Partition:

Cisco Intrusion Prevention System, Version 7.0(2)E4

Host:
    Realm Keys          key1.0
Signature Definition:
    Signature Update    S492.0                   2010-05-26
OS Version:             2.4.30-IDS-smp-bigphys
Platform:               IPS-4260-K9
Serial Number:          xxxxxxxxxxx

Licensed, expires:      xxxxxxxxxx
Sensor up-time is 20 days.
Using 1901256704 out of 4100345856 bytes of available memory (46% usage)
system is using 17.4M out of 38.5M bytes of available disk space (45% usage)
application-data is using 46.8M out of 166.8M bytes of available disk space (30% usage)
boot is using 41.5M out of 69.5M bytes of available disk space (63% usage)
application-log is using 494.0M out of 513.0M bytes of available disk space (96% usage)


MainApp            B-BEAU_2009_OCT_15_08_07_7_0_1_111   (Ipsbuild)   2009-10-15T08:09:06-0500   Running
AnalysisEngine     BE-BEAU_E4_2010_MAR_25_02_09_7_0_2   (Ipsbuild)   2010-03-25T02:11:05-0500   Running
CollaborationApp   B-BEAU_2009_OCT_15_08_07_7_0_1_111   (Ipsbuild)   2009-10-15T08:09:06-0500   Running
CLI                B-BEAU_2009_OCT_15_08_07_7_0_1_111   (Ipsbuild)   2009-10-15T08:09:06-0500

Upgrade History:

* IPS-engine-E4-req-7.0-2   16:27:30 UTC Mon Jun 07 2010

Note:-   You must upgrade IPS 7.0(2)E3 to IPS 7.0(2)E4 using the engine upgrade file (IPS-engine-E4-req-7.0-2.pkg) because you are upgrading the engine only. You cannot use the IPS-K9-7.0-2-E4.pkg upgrade file to upgrade from 7.0(2)E3 to 7.0(2)E4. Engine updates may or may not cause the sensor to reboot.

http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/21671_01.html#wp1235012

Regards,

Saurabh

Cisco Employee

Re:IPS 4240 Engine upgradation procedure from E3 to E4

Saurabh;

  The virus update has been removed as it is no longer an actively updated component of the IPS software.  It was utilized through a joint effort with Trend Micro and managed through the Cisco Incident Control Server which is no longer available.  So, it will no longer be present in future versions of the software.

Scott

Re:IPS 4240 Engine upgradation procedure from E3 to E4

Thanks Scott......

Regards,

Saurabh

New Member

Re:IPS 4240 Engine upgradation procedure from E3 to E4

Hi All,

      Please let me how to upgrade IPS from E1 to E4, also let me what are recomended upgrade, procedures and file names. Please provide link to documents to refer.


I am planning for 7.0(4)E4 or 7.0(2)E4

CSS_SSM# sh version [2C

Application Partition:

Cisco Intrusion Prevention System, Version 6.0(2)E1

Host:

Realm Keys key1.0

Signature Definition:

Signature Update S292.0 2007-06-27

Virus Update V1.2 2005-11-24

OS Version: 2.4.30-IDS-smp-bigphys

Platform: ASA-SSM-10

Serial Number: XXXXXXXX

Trial license, expires: XXXXXXXXXX

Sensor up-time is XX days.

Using 671711232 out of 1032577024 bytes of available memory (65% usage)

system is using 14.1M out of 29.0M bytes of available disk space (51% usage)application-data is using 34.2M out of 166.8M bytes of available disk space (24% usage)boot is using 37.8M out of 68.6M bytes of available disk space (58% usage)

MainApp 2007_MAR_29_14_06 (Release) 2007-03-29T14:44:36-0600 Running

AnalysisEngine 2007_MAR_29_14_06 (Release) 2007-03-29T14:44:36-0600 Running

CLI 2007_MAR_29_14_06 (Release) 2007-03-29T14:44:36-0600

Upgrade History:

* IPS-K9-6.0-2-E1 08:36:00 UTC Thu Mar 29 2007

--MORE--


IPS-sig-S292-req-E1.pkg 00:20:05 UTC Tue Jul 03 2007

Recovery Partition Version 1.1 6.0(2)E1

--------RD

Cisco Employee

Re:IPS 4240 Engine upgradation procedure from E3 to E4

You should be able to download the 7.04(4)E4 upgrade package from cisco.com and upgrade directly.

The filename is: IPS-K9-7.0-4-E4.pkg

The upgrade process is outlined in the release notes:

http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.html

Scott

New Member

Re:IPS 4240 Engine upgradation procedure from E3 to E4

Hi Scott,

        Thnx for reponse. Can you plese confirm if E1 to E4 direct upgrade is possible or I need to upgrade E1-->E2-->E3-->E4. Also if i need to check memory for the same like what we check for router and switch.

relese notes says

1) The minimum required version for upgrading to 7.0(2)E4 is 5.1(8)E2 or later.

2) You cannot upgrade 7.0(2)E3 to 7.0(2)E4 using the IPS-K9-7.0-2-E4.pkg upgrade file. You must use

the engine update file, IPS-engine-E4-req-7.0-2.pkg.

Basicaly I am strugling in choosing exact file which need to upgrade.

------RD

Cisco Employee

Re:IPS 4240 Engine upgradation procedure from E3 to E4

RD;

There is no need to upgrade through each successive analysis engine

update (in fact, it is not easily possible). You should be able to

simply apply the 7.0(4)E4 upgrade package over your 6.0(2)E1

installation. There is also no need to check memory, as memory is not

expandable in Cisco's IPS products. You only need verify that the

platform in question (AIP-SSM-10 in your case) is supported by the

version of software you are wanting to upgrade (7.0(4)E4 does support

the AIP-SSM-10) as listed here:

http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.html#wp1272124

Scott

New Member

Re:IPS 4240 Engine upgradation procedure from E3 to E4

I read minimum requirement which is 5.1(8) E3, here I am confused.

Cisco Employee

Re:IPS 4240 Engine upgradation procedure from E3 to E4

As you are running 6.0(2), you are ahead of the 5.1(8) minimum requirement.

Scott

2742
Views
1
Helpful
12
Replies