I have a IDS-4215 sensor with version 5.1(5)E1S333V1.2
I tried several times updating signatures with next version on it but it doesnot get updated and only the local MC gets upgraded. I have other IDS sensors also but I dont have any problem updating signatures with them.
Why are the signatures not getting updated on this Sensor.
Help me with a solution. All helpful posts will be rated.
Thanks for the reply. I already have IPS-K9-5.1-8-E2.pkg loaded. The problem is when I try to upgrade the sensor, the sensor accepts the signature but doesnot get updated. Only MC gets upgraded. I repeated multiple times but no use.
I have updated my other 4 sensors to E2 and with the latest signature update S355 which is released today. I had no problem with these sensors but the problem is with the one sensor mentioned above.
Did you try applying S355 directly to the sensor using the CLI or IDM rather than the MC?
Sometimes you don't get good error messages when trying to apply through the MC.
If you apply through CLI or IDM did you get any messages back from the sensor?
Did you get a success messgae? If doing it from the CLI did it come back to a CLI prompt?
If no error messages come back when trying the upgrade, then it will require looking at a "show tech" from your sensor to try and see what is going on.
You would not want to copy that output to this forum, so your best bet would be to open up a TAC case and provide them the output from when you tried applying the update through the CLI or IDM, as well as the output from the "show tech" taken immediately after the failed upgrade attempt.
I am not currently aware of any situation where the upgrade would fail without some type of error message being returned.
Here, however, are some common errors that should return an error message (I don't remember the exact wording of the error messages):
1) sensorApp/analysis engine is Not Running
(you can check "show version" before doing the upgrade to make sure it is Running).
2) sensorApp/analysis engine is not responding (you can do a "show stat vi" before trying the upgrade to ensure it is responding to statistic requests before trying the upgrade)
3) license has expired (you can do a "show ver" and make sure the license has not expired)
4) Signature Update already installed - This is a tricky one. This can happen when a previous attempt to update at that same signature level failed, but left some remnants around. The second attempt to install the same update detects the remains of the previous failure and incorrectly thinks that the update is already installed. There are 2 ways to recover from this. Save off the config, and do a recover-application command to re-image the sensor, then re-apply the config. Or wait till the next signature update S356 comes out and try it with the newer sig update. I haven't seen this problem in a long time, and I am not sure if it can happen anymore. Steps were taken to try and prevent this from happening.
5) sensorApp/analysis engine could stop During the signature update - This can happen on lower end sensors like the IDS-4215 especially when tunings have been made to the signatures or custom signatures have been created. The low end sensors have limited memory. When a new signature update is applied the sensor has to compile the new signatures. If using the standard set of signatures with no user tunings, then the signature update should apply fine. But if the customer has made tunings and/or added custom signatures, then this compiling of the new signatures could push the sensor above it's allowed memory limits. The kernel will then kill sensorApp/analysis engine. The signature update will never complete (never get an error OR a success message). And the sensor has to be rebooted to get it working again. If you are running into this issue you might need to remove some of your tunings and custom signatures, apply the signature update, and then re-apply your tunings.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :