>Like Walter said, dependencies are stated in the >readme file that accompanies each update, be it a >service pack or signature update. Go over the latest one to ensure you have everything in order.

The problem is that it's not possible to download even the text file without a subscription contact.

I think that such information should be available regardless of the maintanence contract .

While I hear what you're saying, I think it is a moot point. Even if you could get the information without a support contract, you wouldn't be able to download the updates themselves.

At the end of the day, a valid support contract is required in order to upgrade/update a Cisco IDS/IPS appliance to the latest standard. It's stipulated clearly in the EULA and throughout Cisco IDS/IPS related correspondence from Cisco.

If you're looking to do it for free, I'm afraid you're out of luck...

Alex Arndt

Did I say that I wanted to do the upgrade for free.

If I did , and I don't think so , I'm afraid to be misunderstood.

Actually the question started because I'd taken the IDS exam and one question was in fact which software pre-requisite has the 4.1 release.

Since I've searched all the cisco site for such information , and couldn't find it anywhere , I was thinking how secret this information should be that only subscribers can access it

But from that point on I argue the idea that release notes should be kept available only for subscribers.

I repeat , I never meant to install a software for free but get access to its release notes I think is the bare minimum ...

regards

Stefano Colombo

MCSE 2003+Messaging,CCNA CCSP

Now I understand where you are coming from.

Understand that the question in the exam wasn't to test if you had read the 4.1 release-notes or readme, but rather do you understand the IPS upgrade naming convention.

Certified IDS/IPS professionals should be able to look at the name of a file and tell you what the pre-requisite is. There were several slides in the IDS/IPS class to cover this if I remember correctly.

For version 5.0 this information is contained here in the public user's guide:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/5020_02.htm#wp1066721

Here is what I hope is a simpler plain english breakdown.

A file with "maj" in the name is a major update.

To install the "maj" upgrade requires the previous major version (other updates to that previous major may have been installed as well).

So a filename like: IPS-K9-maj-7.0-1.pkg

Should automatically tell you that you can install it on any 6.x(y)Szzz box.

A file with "min" in the name is a minor update.

To install the "min" upgrade requires the previous major version.

So a filename like: IPS-K9-min-7.3-1.pkg

Should automatically tell you that you can install it on any 7.x(y)Szzz box.

(Of course the x in the 7.x(y)Szzz has to be less than the 3 in the filename so it could be 7.0(y)Szzz, 7.1(y)Szzz, or 7.2(y)Szzz.)

A file with "sp" in the name is a service pack.

To install the "sp" upgrade requires the previous major/minor version (both the first 2 numbers have to match).

So a filename like: IPS-K9-sp-7.3-4.pkg

Should automatically tell you that you can install it on any 7.3(y)Szzz box.

(Of course the y in the 7.3(y)Szzz has to be less than the 4 in the filename so it could be 7.3(1)Szzz, 7.3(2)Szzz, or 7.3(3)Szzz.)

A file with "sig" in the name is a signature update..

To install the "sig" upgrade requires requires a version higher than that listed after the "minreq" portion of the filename:

So a filename like: IPS-sig-S400-minreq-7.3-4.pkg

Should automatically tell you that you can install it on any 7.3(4)Szzz box as well as any higher version (like say 8.0(5)Szzz).

(Of course the Szzz in the 7.3(4)Szzz has to be less than the S400 in the filename.)

Back in version 4.x there were similar constraints and filenames with a few differences. (Unfortunately I can't quickly find the corresponding 4.1 doc link)

Differences comparing version 4.x convention to 5.x convention:

1) Has "IDS" instead of "IPS" as the name.

2) Has ".rpm.pkg" as the extension instead of just ".pkg".

3) The "maj", "min", "sp" filenames in version 4.x contained "Szzz" in the filename, while in version 5.x the Szzz is not in the filename.

Example: IDS-K9-min-4.1-1-S47.pkg

NOTE: Having the S level on the maj, min, and sp filenames caused some confusion in 4.x. Users were incorrectly calling the maj, min, and sp files by just the S level, and sometimes did not realize things other than the signatures were also changing.

In version 5.x we removed the S level from the filenames so users can understand the difference. But be aware that the 5.x maj,min,sp upgrades could have a higher Sig level in them even though it is not in the filename.

4) In version 4.x the signature update names are different and are tied to a specific maj.min(sp) version. So a 4.1(5)S190 signature update can only be installed on a 4.1(5) sensor.

In version 5.0 we stopped tying the signature updates to a specific maj.min(sp) version. And instead just designate the lowest version required for installing that signature update.

For example:

The IPS-sig-S300-minreq-5.0-1.pkg can be installed on a 5.0(1)Sxxx, 5.0(2)Sxxx, 5.0(3)Sxxz, or a 5.0(4)Sxxx sensor (assuming the Sxxx is lower than S300).

When 5.1(1) releaes it will even be able to be installed on those sensors as well.

There are a few exceptions to the above rules.

It is these exceptions that we put into release notes and readme.

thanks for your reply .

The problem is that the question wasn't about file syntax but actually about software pre req.

The question was like :

which software release is a prereq for installing 4.1?

answers ( the answers are what I remember but the important thing is that they didn't refer to the file but only the version )

4.0.1.S37

4.0.2.S24

.....

Thaks