Fact: I have a 4230 Sensor: v3.0.3.eng2-beta (given to me from TAC to fix packetd daemon failure problem) and a Unix director: 2.2.3(s9).
1) I have not updated any signature or service packs since S9. Is it possible to apply the S12 service pack and then jump to signature update IDSk9-sig-3.0-3-S13, bypassing S11 update?
2) Also, I have created custom signature for SSH CRC32 Buffer Overflow Vulnerability, Goner worm, etc. Will updating signature over-write these and other custom signature setting (i.e. tcp resets settings).
The first thing that you will have to do is uninstall the engineering build. None of the official releases will install over it. The uninstall instructions should have been included with the engineering build. (I believe it is also mentioned in the 3.0(3)S12 Service Pack readme as well).
As to question 1), yes this can be done since the service packs and signature updates are cumulative for their respective packages. Once the engineering build has been uninstalled, install the 3.0(3)S12 service pack and then the 3.0(3)S13 signature update. (In that order)
Neither of these packages should change any of your custom signatures or tunings. If you wish to be safe, make a copy of /usr/nr/etc/SigSettings.conf and the /usr/nr/etc/SigUser.conf files before running the packages. TCP resets for anything other than custom signatures would be in the packetd.conf file. After you install the service pack, you should be able to push your current configurations from the CSPM or Unix Director (which everone you are using) back to the sensor and then install the signature update.
1) Uninstall the 3.0.3.eng2-beta (the engineering release should have some unistallation instructions to return you to an official release version)
2) Install the released 3.0(3)S12 Service Pack for the appliance (can be installed on any release version between 3.0(1)S4 and 3.0(3)S12)
3) Install the latest signature update for the sensor (I think it is 3.0(3)S13, but check CCO to be sure, if S14 is out then you can go from 3.0(3)S12 to S14 and skip S13 install) (can only be installed on a sensor upgraded to at least the 3.0(3)S12 Service Pack).
The customizations you've made should be preserved when upgrading using released versions.
Since the engineering version was not an official released version I can not gurarntee that it won't cause a problem with the customizations during uninstall (but I don't think it would). Just in case you can copy the SigUser.conf, SigSettings.conf and packetd.conf files to a backup directory before uninstalling the engineering version, and compare them after you've uninstalled the engineering version to make sure nothing changed.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :