Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
783
Views
0
Helpful
1
Replies

IPS(ASA moduel) signature upgrade cause users lost connectivity to outside

jason_majie
Level 1
Level 1

‎10-08-2010 12:53 AM - edited ‎03-10-2019 05:09 AM

Hi All:

need you adivse.


i have two ASA running A/S mode, both ASA have ASA-SSM-AIP-20-K9 inside with fail-open option and identical configuration


Any time i upgrade IPS signature/OS, users will experience around 1 minute downtime to outside.

Is this a correct behavior?

Thanks

Labels:
0 Helpful
1 Reply 1

Scott Fringer
Cisco Employee
Cisco Employee

‎10-08-2010 02:56 AM

Jason;

  That is not expected behavior for signature updates.  On the AIP-SSM's configuration, have you changed the bypass mode to off?

  For software upgrades, which require the AIP-SSM to reboot, a failover of the ASA is expected if you have not disabled the IPS inspection service policy prior to performing the upgrade.

Scott

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card