IDSM-2 upgrade process questions.

Will.Watson
Level 1

Hello,

I started a new job and have been tasked with looking into what we can do with the IDSM-2 module we have in our 6509. The company has not been using the module so it hasn't been updating in a few years. I do not have a current license so I know I cannot install new signature updates, but what I would like to do is upgrade the software to version 7.0(5a)E4. Once I have it upgraded I would like to configure it in our environment and then see about getting a signature license.

I have a few questions regarding the upgrade process, and could use some assistance.

First, the IDSM is currently running version 5.1(3)S256.0. From what I have read, I don't believe I can go directly to 7.0(5a)E4, so my Planned Upgrade Path is: 5.1(3)S256.0 -> 5.1(8)E3 -> 7.0(5a)E4.

Am I able to upgrade this way or is there another recommended way that I should do this upgrade?

The files I have for this are below, will they be enough or am I missing any?

Do I apply them in the order listed?

Can I apply all of these files from the IDM GUI?

IPS-K9-5.1-8-E3.pkg

IPS-engine-E3-req-5.1-8.pkg <--- Is this included in the above file?

IPS-K9-r-1.1-a-5.1-8-E3.pkg

IPS-K9-7.0-5a-E4.pkg

IPS-K9-r-1.1-a-7.0-5a-E4.pkg

I plan on backing up my configuration first just in case, but should this process have any effect on the configuration?

I also saw that the upgrade will convert the configuration, so should I back it up a second time between the 5.1(8)E3 and 7.0(5a)E4 step?

Will there be any effect on network traffic or downtime during this process?

Is there anything else I need to be aware of or that I'm missing?

Thanks in advance,

Will

Accepted Solutions

Dustin Ralich
Cisco Employee

Hi Will. Since you indicated that this sensor has not been in use, it would be quickest/easiest to simply re-image it directly to the desired version (7.0(5a)E4). Additional benefits of doing this are that the sensor's filesystem will be created clean, OS/binaries cleanly installed, no potential config conversion issues, etc.

Step-by-step instructions for doing this can be found here.

And, the System Recovery Image file you will need ('IPS-IDSM2-K9-sys-1.1-a-7.0-5a-E4.bin.gz') can be downloaded here.

Will there be any effect on network traffic or downtime during this process?

That depends on whether the sensor is configured in Promiscuous Mode or Inline [VLAN Pair] Mode. You can determine this from the Catalyst config. If the sensor is installed in Inline [VLAN Pair] Mode, then certainly the re-image (and even just upgrade) could be traffic-impacting (if there is no alternative/backup path for traffic to take), as in both scenarios, the sensor is rebooted and not available for ~10 minutes (during which time, it would not be forwarding traffic (if it were installed Inline)). Additionally, since re-imaging results in a clean/default config, if the sensor were configured Inline, that portion of the config would have to be re-input post-reimage so that the sensor would know to forward traffic accordingly again. Details about the modes can be found here.
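
The answer above says the sensor's mode can be read from the Catalyst config. The following is an added example, not part of the original post or Cisco's own tooling, that classifies each IDSM-2 data port from a saved running-config before a re-image is scheduled. It assumes Cisco IOS (not CatOS) `intrusion-detection module` syntax; the slot numbers, VLAN IDs and sample config are constructed.

```python
import re

# Assumed Cisco IOS syntax for IDSM-2 data ports on a Catalyst 6500:
#   ... data-port <n> capture [allowed-vlan ...]  -> promiscuous
#   ... data-port <n> access-vlan <id>            -> inline
#   ... data-port <n> trunk allowed-vlan <list>   -> inline VLAN pair
LINE = re.compile(
    r"^\s*intrusion-detection module (\d+) data-port (\d+) "
    r"(capture|access-vlan|trunk allowed-vlan)\b", re.M)
MODE = {"capture": "promiscuous", "access-vlan": "inline",
        "trunk allowed-vlan": "inline-vlan-pair"}

# Constructed sample running-config excerpt (hypothetical slots and VLANs).
SAMPLE = """\
intrusion-detection module 5 data-port 1 capture
intrusion-detection module 5 data-port 1 capture allowed-vlan 10-20
intrusion-detection module 5 data-port 2 trunk allowed-vlan 661,662
intrusion-detection module 7 data-port 1 access-vlan 300
"""

def idsm_port_modes(config, slot):
    """Return {data_port: mode} for the IDSM-2 in the given slot."""
    modes = {}
    for m in LINE.finditer(config):
        if int(m.group(1)) != slot:
            continue
        port, mode = int(m.group(2)), MODE[m.group(3)]
        # If a port somehow carries both kinds of line, report the inline one,
        # since that is the case where a reboot interrupts forwarding.
        if modes.get(port, "promiscuous") == "promiscuous":
            modes[port] = mode
    return modes

def reimage_impact(config, slot):
    """Summarise what a ~10 minute sensor reboot means for this slot."""
    modes = idsm_port_modes(config, slot)
    inline_ports = sorted(p for p, m in modes.items() if m != "promiscuous")
    if inline_ports:
        # Inline ports stop forwarding while the sensor is down, and the
        # clean post-reimage config must have the inline setup re-entered.
        return "traffic-impacting", inline_ports
    if modes:
        return "inspection-gap-only", []
    return "no-data-ports-configured", []

if __name__ == "__main__":
    for slot in (5, 7):
        print(slot, idsm_port_modes(SAMPLE, slot), reimage_impact(SAMPLE, slot))
```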
