https://community.cisco.com/t5/network-security/incremental-ips-signatures-maintenance/m-p/2264633#M53562 <HTML><HEAD></HEAD><BODY><P>Hi Julio.</P><P></P><P>The problem is not staying on the latest version - which is what I do. The problem, actually, is I am avoiding a "reinstall" of IPS feature. As said, there are 50+ "<SPAN style="font-size: 10pt;">iosips-sig-default-SXXX.xmz" incremental files on my flash:ips/ folder. Since last year updating via SDM was the only available option; by S648 Cisco stopped publishing new .pkgs and at that time I had plenty of dead routers, literally out of any recovery, because of the combo IOS 15.0M and auto-updates (please read <A href="http://tools.cisco.com/security/center/viewBulletin.x?bId=464&amp;year=2012">http://tools.cisco.com/security/center/viewBulletin.x?bId=464&amp;year=2012</A>). I have recently open a new TAC and, after some internal testing, they resumed publishing .pkg files again.</SPAN></P><P></P><P>Auto signature update is not an option since then, so the only way to be back on track was using SDM. That and a manual change control process helped, but again, it is a freakin' time <SPAN style="font-size: 10pt;">consuming process</SPAN><SPAN style="font-size: 10pt;">, not only to deploy signatures but also to recover routers back after power loss. Hence my latest TAC.</SPAN></P><P></P><P>Having said that, I was wondering if, by applying the latest .pkg via CLI ("copy IOS-SXXX-CLI.pkg idconf") I could get rid of all those "iosips-sig-default-SXXX.xmz" files and reduce my effective reload times back to less than an hour. If there is no other way to reuse currently deployed sig files, I guess I should plan to clear and reapply IPS feature from the current .pkg file. That will be fun... *sigh*</P><P></P><P>Thanks,</P><P></P><P>Alex</P></BODY></HTML> Tue, 23 Jul 2013 01:01:25 GMT HQuest 2013-07-23T01:01:25Z https://community.cisco.com/t5/network-security/incremental-ips-signatures-maintenance/m-p/2264631#M53560 <P>Hello.</P><P></P><P>What is the recommended way to maintain all incremental IPS signature files created from periodic signature updates? I noticed my small 880 series routers (yeah, I use the cheap IOS IPS) restarts IPS engine for each and every incremental file available; since each restart takes close to a minute, it takes forever to return a router to its working state after any extended power outage, when you have, let's say, a couple months worth of signature updates (from S638 to S725).</P><P></P><P>Should I clear the IPS and restart it from scratch using the latest pkg/zip combo as found on SDM, just use the pkg file via CLI, or is there any command I could use to maybe merge all those incremental files?</P><P></P><P>Any suggestions are welcome.</P><P></P><P>Thanks and regards,</P><P></P><P>Alex</P> Sun, 10 Mar 2019 13:00:38 GMT https://community.cisco.com/t5/network-security/incremental-ips-signatures-maintenance/m-p/2264631#M53560 HQuest 2019-03-10T13:00:38Z https://community.cisco.com/t5/network-security/incremental-ips-signatures-maintenance/m-p/2264632#M53561 <HTML><HEAD></HEAD><BODY><P>Hello Alexandre,</P><P></P><P> I would actually recommend always stay on the latest version for that you could get the package manually as u said or go ahead and configure auto-signature update</P><P></P><P><SPAN>For Networking Posts check my blog at </SPAN><A class="jive-link-external-small" href="http://www.laguiadelnetworking.com/category/english/">http://www.laguiadelnetworking.com/category/english/</A><SPAN> </SPAN><BR /> <BR />Cheers, <BR /> <BR />Julio Carvajal Segura</P></BODY></HTML> Tue, 23 Jul 2013 00:26:02 GMT https://community.cisco.com/t5/network-security/incremental-ips-signatures-maintenance/m-p/2264632#M53561 Julio Carvajal 2013-07-23T00:26:02Z https://community.cisco.com/t5/network-security/incremental-ips-signatures-maintenance/m-p/2264633#M53562 <HTML><HEAD></HEAD><BODY><P>Hi Julio.</P><P></P><P>The problem is not staying on the latest version - which is what I do. The problem, actually, is I am avoiding a "reinstall" of IPS feature. As said, there are 50+ "<SPAN style="font-size: 10pt;">iosips-sig-default-SXXX.xmz" incremental files on my flash:ips/ folder. Since last year updating via SDM was the only available option; by S648 Cisco stopped publishing new .pkgs and at that time I had plenty of dead routers, literally out of any recovery, because of the combo IOS 15.0M and auto-updates (please read <A href="http://tools.cisco.com/security/center/viewBulletin.x?bId=464&amp;year=2012">http://tools.cisco.com/security/center/viewBulletin.x?bId=464&amp;year=2012</A>). I have recently open a new TAC and, after some internal testing, they resumed publishing .pkg files again.</SPAN></P><P></P><P>Auto signature update is not an option since then, so the only way to be back on track was using SDM. That and a manual change control process helped, but again, it is a freakin' time <SPAN style="font-size: 10pt;">consuming process</SPAN><SPAN style="font-size: 10pt;">, not only to deploy signatures but also to recover routers back after power loss. Hence my latest TAC.</SPAN></P><P></P><P>Having said that, I was wondering if, by applying the latest .pkg via CLI ("copy IOS-SXXX-CLI.pkg idconf") I could get rid of all those "iosips-sig-default-SXXX.xmz" files and reduce my effective reload times back to less than an hour. If there is no other way to reuse currently deployed sig files, I guess I should plan to clear and reapply IPS feature from the current .pkg file. That will be fun... *sigh*</P><P></P><P>Thanks,</P><P></P><P>Alex</P></BODY></HTML> Tue, 23 Jul 2013 01:01:25 GMT https://community.cisco.com/t5/network-security/incremental-ips-signatures-maintenance/m-p/2264633#M53562 HQuest 2013-07-23T01:01:25Z