Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
521
Views
0
Helpful
1
Replies

Is it really possible to revert IPS signatures from CSM

Go to solution
zheka_pefti
Level 2
Level 2

‎10-15-2009 02:55 PM - edited ‎03-10-2019 04:48 AM

Hi folks,

I've been trying to revert IPS signatures that I deployed through CSM Signature policies to the older release but it doesn't seem to be working. Contrary to it Cisco's CSM guide says:

If you later decide that you did not want to apply a signature update, you can revert to the

previous update level by selecting the Signatures policy on the device, clicking the View

Update Level button, and clicking Revert

I can't imagine it is possible as the signatures are normally compiled into xml files. How would the sensor do it ?

Eugene

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marcabal
Cisco Employee
Cisco Employee

‎10-16-2009 05:37 AM

During installation a copy of files that will be replaced or updated during the installation will be copied into a backup directory.

The CLI has a "downgrade" command that can uninstall the last update, and the backup copies will be used to replace the files being removed.

A few things to be aware of:

1) Old configuration will be copied back. So changes made since the update may be lost.

2) This works only for Engine Updates and Signature Updates. Major Updates, Minor Updates, and Service Packs replace the complete operating system so there is too much data to try and make backup copies for.

3) This works only for the last update installed. Once you've downgraded the latest one, you can't downgrade the previous one.

4) This can be done through CLI, and now also available in CSM.

Here are some things to check in your situation where it appears to not be working.

Login to the sensor and execute "show ver".

Does the history in the "show ver" output show a Signature Update package as the last update installed?

If not then either another downgrade was previously done, or a Major Update, Minor Update, or Service Pack was the last package installed and can't be downgraded.

If it can't be done through CSM you might try the CLI' "downgrade" command and see if it works through the CLI or if the CLI gives you an error and explanation.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
marcabal
Cisco Employee
Cisco Employee

‎10-16-2009 05:37 AM

During installation a copy of files that will be replaced or updated during the installation will be copied into a backup directory.

The CLI has a "downgrade" command that can uninstall the last update, and the backup copies will be used to replace the files being removed.

A few things to be aware of:

1) Old configuration will be copied back. So changes made since the update may be lost.

2) This works only for Engine Updates and Signature Updates. Major Updates, Minor Updates, and Service Packs replace the complete operating system so there is too much data to try and make backup copies for.

3) This works only for the last update installed. Once you've downgraded the latest one, you can't downgrade the previous one.

4) This can be done through CLI, and now also available in CSM.

Here are some things to check in your situation where it appears to not be working.

Login to the sensor and execute "show ver".

Does the history in the "show ver" output show a Signature Update package as the last update installed?

If not then either another downgrade was previously done, or a Major Update, Minor Update, or Service Pack was the last package installed and can't be downgraded.

If it can't be done through CSM you might try the CLI' "downgrade" command and see if it works through the CLI or if the CLI gives you an error and explanation.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card