Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1128
Views
0
Helpful
1
Replies

Cisco IPS 4260 - Signature Export / Import

somebody_76
Level 1
Level 1

‎09-09-2011 06:05 AM - edited ‎03-10-2019 05:28 AM

Hi all,

we have two environments, one test and one production, each with two Cisco IPS 4260 sensors equipped. We use for the administration of the sensors Cisco IME 7.0.3. The sensors are running with IPS engine 7.0(5a)E4.

Now we tested the Cisco IPS in the test environment with a special signature set and want to go in production with these settings. So we need to export the signature set with the enabled signatures and import them into the production environment. After studying the forum there is obviously no other solution than copying the current config to a file server and edit the current config of the sensor in the test enviroment and transfer it to the production system. Is there no other solution for this or do we really need to do this import/export manually? We paid much money for this sensors and we're certainly not the first who are facing this problem from export test config and import them to production.

Another problem is that we see in IME some signatures enabled or disabled. After copying the current config of the sensor to a server, we search for the signature id in the current config and don't find it. Has somebody ever seen this problem?

We would be glad if somebody has some hints for us:)

Greetings, Mike

Labels:
0 Helpful
1 Reply 1

rhermes
Level 7
Level 7

‎09-09-2011 09:18 AM

Mike -

The easiest way to move a tuned set of signatures from one sensor to another is to copy the signature settings of the config file and paste it into the new sensor. The alternative is to download and install Cisco Security Manager, it will install with a 90 day trial. This will allow you to make a policy from your reference sensor and push your signature turnings out to multiple sensors. This is more work than necessary for one sensor, so I wouldn't recommend it.

The reason you're not seeing all the signatures in your config file is that the config file only contains the difference between the default signature settings and the signature setting on the sensor.

- Bob

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card