Solved: Re: how to update a signature

rajbhatt · ‎11-01-2006

Hi All,

I am new to ips ASA-SSM-10

First time logged into a ips module.

Can anyone give idea how to update the signatures.

Raj

m.sir · ‎11-01-2006

Without licence you have fully functional IPS sensor but without latest signatures - its like running antivirus programm without updates - it can protect you from lot of attacks (using build in signatures, heuristic analyzies, protocol knowledge) but it doesnt protect you from latest attactks...

M.

View solution in original post

m.sir · ‎11-01-2006

ASA-SSM is running 5.x code so procedure is same like for stand alone IPS sensor (42xx)

First you need download signature file from

http://www.cisco.com/kobayashi/sw-center/ciscosecure/ids/crypto/

(you need licence for this)

more info

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055dfcc.html

Upgrade procedure:

From CLI using upgrade command

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a008055df7c.html#wp1088691

From ASDM:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/idmguide/dmadmin.htm#wp1030863

You can also configure auto update

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/idmguide/dmadmin.htm#wp1030217

M.

Hope taht helps rate if it does

rajbhatt · ‎11-01-2006

Hi,

Thanks for the info.

AS of now there is no liense in my ASA ssm

So what is the use of that box now ?

It is doing any ips function ?

Raj

m.sir · ‎11-01-2006

Without licence you have fully functional IPS sensor but without latest signatures - its like running antivirus programm without updates - it can protect you from lot of attacks (using build in signatures, heuristic analyzies, protocol knowledge) but it doesnt protect you from latest attactks...

M.

rajbhatt · ‎11-08-2006

Hi,

I have 2 questions :

How can I generate a report on all traffic blocked by the IPS?ASA 10 SSM since it was installed,traffic blocked by signatures.

When I do a sh event it is showing me a blank screen.

In Pix/ASA we have a syslog server that is able to generate all traffic that is passing through the firewall we can generate a report based on that .Is there something similar for IPS?ASA.

Where will I find the ip address of the IPS module .

I am trying to log in from Asdm to ips cant log in as I dont know where to find the ip address .I can log in through the telnet and ssh from the ASA

How can I access the event viewere and where will I know that it is installed to work for which Ip address.

raj

rajbhatt · ‎11-09-2006

Hi,

Any ideas anyone ?

Raj

t-heeter · ‎11-10-2006

To get ip from ssm, log into ssm from asa console with "session 1"

Log into ssm and do show config, look for host-ip.