I received the S253 sig update notification yesterday and for the first time it appears the text indicates that I can upgrade my IDS 4210 to the 5.2 version needed to have continued sig support. What is the upgrade path? What do I need to order? Everytime I use the PUT it only shows me the upgrade package for my current 4.1 version. I think I would much rather upgrade my current sensor than spend $$$ on purchasing a whole new one. Thanks.
Yeah, I understand that it is EOL. That is why I was stunned to see the verbiage that indicated it could be upgraded to the 5.1 version. I HAD an SU1. I don't know if it is current. It WAS current when they first announced 5.1 release. But, the PUT would never reflect the correct part order for the 5.1 upg. I tried to do it via phone one time and they (cisco) still sent me the 4.x version upg box. Oh well.
When you get to 5.1.3, you will need to install a license to apply sigupdates. Here is the upgrade path:
- upgrade to 5.0.1
- upgrade to 5.1.1
- upgrade to 5.1.3
- install license
- upgrade to lastest sigupdate
NOTE: Due to the 4210's low mem (256 Meg), you may hit an issue upgrading to 5.0.1 where sensorApp runs out of memory building its internal tables. The symptoms are that you will get an AnalysisEngine busy message when attempting to upgrade from 5.0.1 to 5.1.1. If you have given the sensor a reasonable time to rebuild its tables after the upgrade to 5.0.1 (5 min to 30 min) then log into the service account and check to see if sensorApp is still running "ps -ef". If it is not, then you will need to run the recover command (from CLI, "recover app"). You will lose your signature config settings when you recover. Wait until after you upgrade to 5.1.3 to add the sig cfg settings back.
The IDS-4210 IS capable of running IPS version 5.1 software and will continue to receive signature updates as long as IPS 5.1 signature updates continue to be created.
No date has yet been announced for when IPS 5.1 signature updates will stop, but I would expect no less that 18 months from now.
An IPS Service Contract and associated Signature Update License is required for installing signature updates in IPS 5.1.
If you already have an IPS Service Contract then you can upgrade to 5.1 and request the associated License for your sensor.
(NOTE: A Service Contract has always been required for the installation of signature updates, but was previously not enforced by software. It is now being enforced by the IPS 5.1 software through the use of the License received through the Service Contract)
As for memory requirements. The following is stated in the 5.0(1e) Readme file:
- 512 MB of RAM memory on the IDS-4210, IDS-4210-K9, and IDS-4210-NFR (NOTE: this upgrade is no longer available as the IDS-4210-MEM-U= part has been end-of-saled).
If you previously upgraded to 512MB then you are fine.
If not, you would need to open the IDS-4210 and determine what the memory part number is and attempt to purchase additional memory matching that part number from any vendor that you can find (does not have to have been specifically sold by Cisco, but should match the part number of the memory already in the system). The memory is longer being manufactured so Cisco was no longer able to sell that part.
You should NOT attempt to install 5.0 or 5.1 on a sensor running only 256MB of memory. The sensor will never run properly.
If you do not already have an IPS Service Contract for your sensor, then you need to contact your Cisco Sales Representative. The last day you could have purchased a new service contract for the IDS-4210 was back on December 6, 2004.
Yoru Cisco Sales Representative may be able to give you a discount on upgrading your IDS-4210 to a newer IDS-4215.
Looking at one of ours in the lab, it appears that, generically, the memory is PC100, 256M, ECC, Unbuffered. There is room for 4 DIMMs, but if I recall correctly, the hardware is limited to 512MB. The OEM manf. of the sensor is Dell and it was sold by Dell as their PowerApp 100 Web. Dell no longer supports the hardware and Crucial has no solution for the PowerApp 100 Web either. Hopefully this information will let you locate some memory for the device.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :