Unable to Download Signature Updates behind IPS

ajay_dand · ‎07-03-2006

Hi,

I am having IPS 5.1. Since after S226, I have not been able to download Sig Updates from behind the IPS. I have to manually download the SigUpdates from a different location and transfer it to the Station from where I can updae the signatures. I have also raised a TAC case, but it has not been resolved yet. The unique part is that I am unable to download only from the Cisco SigUpdate site and that too only the SigUpdates. Other files I can download. What they have asked is that I need to disable all signatures and try to download the update, to ascertain whether the problem is with the IPS or elsewhere. All the currently loaded sigs have been checked for blocking, but no obvious indicators. My question is, what is the cleanest and the easiest way to disable the sigs and check and then restore it back? I hope I dont have to manually disable individual signature, and then re-enable it. Also, I am wary about backing up, and then simply restoring it. The last time I did it, the restore process went awry and I had to manually tune individual signatures, which is a very tedious and a risky process. Can someone help me with a script or something? Thanks in Advance.

Fernando_Meza · ‎07-03-2006

Hi ..

I suggest.

1.- Backup your config to a ftp server

sensor# copy current-config ftp://qa_user@10.89.146.1//tftpboot/update/qmaster89.cfg

Password: ********

2.- Use the IPM and from the configuration tab make sure you list ALL signatures. Then click on select all tab and click on disable.

3.- Apply the changes and then perform the test

4.- After the test restore the configuration by using

sensor# copy ftp://qa_user@10.89.146.1//tftpboot/update/qmaster89.cfg current-config

Password: ********

Warning: Copying over the current configuration may leave the box in an unstable state.

Would you like to copy current-config to backup-config before proceeding? [yes]:

I hope it helps ..please rate it if it does !!!