Correct procedure to update IOS IPS signatures on 2911 router

kasper123 · ‎04-24-2011

What is the correct procedure to update the IOS IPS signatures on an 2911 router?

I know how to download the signatures file (eg. IOS-S556-CLI.pkg) but what is the correct way to install the update?

Thank you in advance!

Jennifer Halim · ‎04-24-2011

Here is the complete IOS IPS signature documentation:

http://www.cisco.com/en/US/products/ps6634/products_tech_note09186a008097db66.shtml

To update the IOS IPS, please check out Step 5.

Hope this helps.

kasper123 · ‎04-26-2011

Hi Jennifer,

thank you for answering the question.

Do you happen to know what is the number of IPS rules that can be enabled on the router without crashing it?

In the instructions it says never to enable all the signatures and enable only the ones that are needed. But what is the number of signatures that a 2911 router can handle?

Regards.

Jennifer Halim · ‎04-28-2011

The IPS signature package comes with a list of pre-enabled signatures, hence Cisco does not recommend enabling a lot more other signatures, especially not every single signature as documented.

The reason why is because the package might include retired/old signatures only for references, and not every single signature is required to protect your environment because you might not have the traffic for some signatures, you might not have some end hosts that are written with specific signatures, therefore, it becomes irrelevant if you enable it.

Typically here is how customer would enable/disable signatures:

- Use the default signature that is enabled by Cisco (the default should fit majority of the customers).

- Monitor it for a couple of months

- Disable those that you don't need, and enable others if you think you require it for specific.