08-09-2011 06:03 AM - edited 03-10-2019 05:26 AM
Hello,
I started a new job and have been tasked with looking into what we can do with the IDSM-2 module we have in our 6509. The company has not been using the module, so it hasn't been updated in a few years. I do not have a current license, so I know I cannot install new signature updates, but what I would like to do is upgrade the software to version 7.0(5a)E4. Once I have it upgraded I would like to configure it in our environment and then see about getting a signature license.
I have a few questions regarding the upgrade process, and could use some assistance.
First, the IDSM is currently running version 5.1(3)S256.0. From what I have read, I don't believe I can go directly to 7.0(5a)E4, so my planned upgrade path is: 5.1(3)S256.0 -> 5.1(8)E3 -> 7.0(5a)E4.
Am I able to upgrade this way or is there another recommended way that I should do this upgrade?
The files I have for this are below. Will they be enough, or am I missing any?
Do I apply them in the order listed?
Can I apply all of these files from the IDM GUI?
IPS-K9-5.1-8-E3.pkg
IPS-engine-E3-req-5.1-8.pkg <--- Is this included in the above file?
IPS-K9-r-1.1-a-5.1-8-E3.pkg
IPS-K9-7.0-5a-E4.pkg
IPS-K9-r-1.1-a-7.0-5a-E4.pkg
I plan on backing up my configuration first just in case, but should this process have any effect on the configuration?
I also saw that the upgrade will convert the configuration, so should I back it up a second time between the 5.1(8)E3 and 7.0(5a)E4 step?
Will there be any effect on network traffic or downtime during this process?
Is there anything else I need to be aware of or that I'm missing?
Thanks in advance,
Will
08-12-2011 08:01 AM
Hi Will. Since you indicated that this sensor has not been in use, it would be quickest/easiest to simply re-image it directly to the desired version (7.0(5a)E4). Additional benefits of doing this are that the sensor's filesystem will be created clean, OS/binaries cleanly installed, no potential config conversion issues, etc.
Step-by-step instructions for doing this can be found here.
And, the System Recovery Image file you will need ('IPS-IDSM2-K9-sys-1.1-a-7.0-5a-E4.bin.gz') can be downloaded here.
Will there be any effect on network traffic or downtime during this process?
That depends on whether the sensor is configured in Promiscuous Mode or Inline [VLAN Pair] Mode. You can determine this from the Catalyst config. If the sensor is installed in Inline [VLAN Pair] Mode, then certainly the re-image (and even just upgrade) could be traffic-impacting (if there is no alternative/backup path for traffic to take), as in both scenarios, the sensor is rebooted and not available for ~10 minutes (during which time, it would not be forwarding traffic (if it were installed Inline)). Additionally, since re-imaging results in a clean/default config, if the sensor were configured Inline, that portion of the config would have to be re-input post-reimage so that the sensor would know to forward traffic accordingly again. Details about the modes can be found here.