I am having issues with the IPS sensor not doing the global correlation updates. The IPS module has access to the internet and I can ping the server which serves the updates. Anything else to be checked?
To add to the previous post, I am seeing the following error:
08Jun2009 collaborationApp rep/E A global correlation update failed: openConnection: Caught IpAddrException badAddrString
Messages, like this one, in the category - Reputation update failure - were logged 24 times in the last 7200 seconds.
the issue that you are experiencing is due to a new feature that is turned on by default in the 7.0(1)E3 called Global Correlation. You are receiving the health critical messages because the IPS is not setup to allow the Global Correlation updates. You can turn this
Global Correlation feature off in IME by going to Configuration->Policies->Global
Correlation and turning off the Inspection/Reputation and Network Participation settings.
If you want to use this feature you will need to setup a proxy or DNS on the
I understand that Global Correlation is a new feature. I am trying to get it to work so that it can go fetch updates but it doesnt work. The IPS module has the required DNS servers listed and also Internet connection. But still it doesnt work.
Have you configured DNS or proxy server as per
I have configured the DNS servers and the IPS module can ping the DNS server. I can also ping the IP address to which IPS is going to go to download the updates from.
sorry for the late response...
You may be hitting CSCsy29617 Sensor unable to download global correlation update files
Thanks for your responses. I figured out what the issue was. I didnt have Network Participation turned on. As soon as I turned it on and restarted the module, everything seems to work fine. I dont have static NAT entry for it.
I was having issues updating the Global Correlation feature as well. From a packet capture, I found that the sensor was trying to open an http connection to two IP addresses (22.214.171.124 and 126.96.36.199). After I allowed this in addtion to the update-manifest.ironport.com IP address for https, the updates started working.
I do not have Network Participation enabled.
Try adding some or all the following IP addresses for access to the device: