Cisco Support Community
New Member

Signature not listed in Active Signatures

Signature.JPG

Hi IPS Expert,

I found an enabled signature that is not listed in Active Signatures.

I found that the Retired field shows "Low Memory Retired" (see image).

My understanding is that it will only be retired if low memory is being experienced, but I don't think we have low memory.

Regards,

Jhun

1 REPLY
Cisco Employee

Signature not listed in Active Signatures

Jhun,

Your understanding is not correct. The setting relates to platform capacity - not if the platform is experiencing a low memory scenario.

Signature load thresholding was added in engine release E4; I'm including a link to the 7.0.2E4 release notes so you can see the whole thing:

http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/21671_01.html#wp1265369

In short - if you have a low memory classified system, a signature status of "low-memory-retired" will cause that particular signature to NOT load by default. You can set the status to retired=false to override the default setting.

The low & med memory retired settings allow us to enable additional protections on larger platforms that have additional capacity in an "automatic" fashion.
