Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
489
Views
8
Helpful
3
Replies

Mirror filters on backup IPS

Go to solution
natehausrath
Level 1
Level 1

‎08-25-2008 06:41 AM - edited ‎03-10-2019 04:15 AM

Hey everyone,

We have two ASA AIP SSM-20s set up where one is in standby mode. The IPSes are running 6.1(1) E2.

Is there an easy way to mirror event action filters I create across both machines so I don't have to manually create each filter twice? Actually, I'd like to mirror all changes if possible, but primarily the event action filters.

Thanks for any suggestions!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni

‎08-25-2008 06:58 AM

Initially a simple copy paste should be enough (Except maybe you would want to use separate management IPs for each).

For event action filters, keep updating them and re-ordering them on the primary ASA IPS. Whenever you make changes on the primary AIP-SSM, do the following on the secondary AIP-SSM:

(config)# service event-action-rules rules0

(config-eve)# default filters

Then copy paste all the filters (including the ordering commands) from the primary box. Then apply the changes. This should do the trick, even tough I am yet to test this myself.

Regards

Farrukh

View solution in original post

3 Replies 3

Go to solution
Farrukh Haroon
VIP Alumni
VIP Alumni

‎08-25-2008 06:58 AM

Initially a simple copy paste should be enough (Except maybe you would want to use separate management IPs for each).

For event action filters, keep updating them and re-ordering them on the primary ASA IPS. Whenever you make changes on the primary AIP-SSM, do the following on the secondary AIP-SSM:

(config)# service event-action-rules rules0

(config-eve)# default filters

Then copy paste all the filters (including the ordering commands) from the primary box. Then apply the changes. This should do the trick, even tough I am yet to test this myself.

Regards

Farrukh

Go to solution
jnommensen
Level 1
Level 1
In response to Farrukh Haroon

‎11-19-2008 01:17 PM

Wow, thank you so much! I just did this and it worked beautifully. Just want to add that the command is "show configuration" that generates the signature details that you are going to copy and paste later.

0 Helpful

Go to solution
sanborn
Level 1
Level 1

‎11-19-2008 06:46 PM

If you want, you can backup and restore the entire SSM config except for the network settings,

(host-name/ipaddress/netmask/gateway/access-list)

Backup SSM Config on ssm-1

==========================

ssm-1# copy current-config ftp:

User: administrator

Server's IP Address: 10.90.0.100

Port[21]:

File name: ssm-1

Password: ******

Restoring SSM Config (From SSM1 backup to SSM2)

===============================================

ssm-2# copy ftp: current-config

User: administrator

Server's IP Address: 10.90.0.100

Port[21]:

File name: ssm-1

Password: ******

Warning: Copying over the current configuration may leave the box in an unstable state.

Would you like to copy current-config to backup-config before proceeding? [yes]: yes

Warning: Replacing existing network-settings may leave the box in an unstable state.

Would you like to replace existing on the sensor? [no]:

sh config (to verify)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card