Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Unable to Download Signature Updates behind IPS


I am having IPS 5.1. Since after S226, I have not been able to download Sig Updates from behind the IPS. I have to manually download the SigUpdates from a different location and transfer it to the Station from where I can updae the signatures. I have also raised a TAC case, but it has not been resolved yet. The unique part is that I am unable to download only from the Cisco SigUpdate site and that too only the SigUpdates. Other files I can download. What they have asked is that I need to disable all signatures and try to download the update, to ascertain whether the problem is with the IPS or elsewhere. All the currently loaded sigs have been checked for blocking, but no obvious indicators. My question is, what is the cleanest and the easiest way to disable the sigs and check and then restore it back? I hope I dont have to manually disable individual signature, and then re-enable it. Also, I am wary about backing up, and then simply restoring it. The last time I did it, the restore process went awry and I had to manually tune individual signatures, which is a very tedious and a risky process. Can someone help me with a script or something? Thanks in Advance.


Re: Unable to Download Signature Updates behind IPS

Hi ..

I suggest.

1.- Backup your config to a ftp server

sensor# copy current-config ftp://qa_user@

Password: ********

2.- Use the IPM and from the configuration tab make sure you list ALL signatures. Then click on select all tab and click on disable.

3.- Apply the changes and then perform the test

4.- After the test restore the configuration by using

sensor# copy ftp://qa_user@ current-config

Password: ********

Warning: Copying over the current configuration may leave the box in an unstable state.

Would you like to copy current-config to backup-config before proceeding? [yes]:

I hope it helps ..please rate it if it does !!!

CreatePlease to create content