Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Signatur updates for Cisco IPS 4510

Hi there.

I one question to all cisco IDS/IPS professionals. If the management port only accept inbound traffic how can I then activate my Cisco 4510 IPS appliance to get automatically signature updates from cisco.com ? That one requires outbound traffic too. 

Thanks.

.

Everyone's tags (4)
5 REPLIES
VIP Purple

Signatur updates for Cisco IPS 4510

You Management0/0-port only supports "to-the-box" traffic which means that you can't use that port for an inline pair or a vlan-pair. But with the IP on that port configured, you can not only connect to your sensor, the sensor can also initiate connection to the rest of the network and so you can reach your update-destionations.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Re: Signatur updates for Cisco IPS 4510

I already configured ip address ón my management port. Will thar mean that it should be possible to inititativet trafficking from that port ?

Sent from Cisco Technical Support iPhone App

VIP Purple

Re: Signatur updates for Cisco IPS 4510

Yes, you can try it from CLI with the "copy"-command and a local FTP-Server. If your IP-settings are correct, then it should work.

Sent from Cisco Technical Support iPad App


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
New Member

Re: Signatur updates for Cisco IPS 4510

Hi Karsten,

I cannot test with FTP because I dont have any FTP servers availeble. But when try to get updates from 

https://72.163.4.161//cgi-bin/front.x/ida/locator/locator.pl I dont see any outbound traffic from my IPS appliance. Are you sure about that the management interface can intiate outbound traffic ?

VIP Purple

Re: Signatur updates for Cisco IPS 4510

From the console you can ping and traceroute to test the reachability. Have you double-checked your IP-settings with the Default-Gateway for the sensor? It really should work that way.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
616
Views
0
Helpful
5
Replies