04-14-2010 09:43 PM - edited 03-10-2019 04:57 AM
Hi All,
Can someone help me to how to upgrade IPS 6.0(1) E1 to 7.0(2) E4.
What are images need to upgrade for this?
What is the proper procedure for upgradation?
Below is the show version results for your reference...
========================================
Cisco-IPS#
Cisco-IPS# sh ver
Application Partition:
Cisco Intrusion Prevention System, Version 6.2(1)E3
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S479.0 2010-03-19
Virus Update V1.4 2007-03-02
OS Version: 2.4.30-IDS-smp-bigphys
Platform: IPS-4240-K9
Serial Number: JMX1244L0PK
Licensed, expires: 31-Dec-2010 UTC
Sensor up-time is 211 days.
Using 1439252480 out of 1984552960 bytes of available memory (72% usage)
application-data is using 44.0M out of 166.8M bytes of available disk space (28% usage)
boot is using 39.7M out of 68.6M bytes of available disk space (61% usage)
MainApp E-2008_OCT_16_16_24 (Release) 2008-10-16T16:40:57-0500 Running
AnalysisEngine E-2008_OCT_16_16_24 (Release) 2008-10-16T16:40:57-0500 Running
CLI E-2008_OCT_16_16_24 (Release) 2008-10-16T16:40:57-0500
Upgrade History:
* IPS-sig-S465-req-E3 23:00:43 UTC Thu Jan 28 2010
IPS-sig-S479-req-E3.pkg 00:05:37 UTC Wed Apr 07 2010
Recovery Partition Version 1.1 - 6.2(1)E3
Host Certificate Valid from: 17-Nov-2008 to 18-Nov-2010
Cisco-IPS#
Cisco-IPS#
=================================
Regards,
Anuj Pratap
Solved! Go to Solution.
04-19-2010 12:52 AM
No, do not perform system reimage (IPS-4240-K9-sys-1.1-a-7.0-2-E4.img), that would wipe out all your configuration.
Just perform the upgrade using this upgrade file: IPS-K9-7.0-2-E4.pkg, and that would automatically upgrade it to 7.0.2(E4).
04-14-2010 10:29 PM
From the show version output, it says the version is 6.2(1)E3, so you can upgrade it directly to version 7.0.2(E4) using the following upgrade file: IPS-K9-7.0-2-E4.pkg
You can just use IDM to load the software from your desktop, and it will upload the upgrade file to the IPS and reload the appliance automatically.
04-19-2010 12:48 AM
Should i need to upgrade IPS image 1st (IPS-4240-K9-sys-1.1-a-7.0-2-E4.img) and then upgrade to Engine (IPS-engine-E4-req-7.0-2.pkg)???
Or just need (IPS-K9-7.0-2-E4.pkg) file to upgrade and both image and Engine will upgrade. Please confirm.
04-19-2010 12:52 AM
No, do not perform system reimage (IPS-4240-K9-sys-1.1-a-7.0-2-E4.img), that would wipe out all your configuration.
Just perform the upgrade using this upgrade file: IPS-K9-7.0-2-E4.pkg, and that would automatically upgrade it to 7.0.2(E4).
06-08-2010 10:11 AM
Hi Halijenn,
I have upgraded my IPS 4260 with below engine file(IPS-engine-E4-req-7.0-2.pkg) only. as per the cisco cocument (Refrence below with link).But now it is not showing Virus Update in sh version. Please help.
IPS1# sh ver
Application Partition:
Cisco Intrusion Prevention System, Version 7.0(2)E4
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S492.0 2010-05-26
OS Version: 2.4.30-IDS-smp-bigphys
Platform: IPS-4260-K9
Serial Number: xxxxxxxxxxx
Licensed, expires: xxxxxxxxxx
Sensor up-time is 20 days.
Using 1901256704 out of 4100345856 bytes of available memory (46% usage)
system is using 17.4M out of 38.5M bytes of available disk space (45% usage)
application-data is using 46.8M out of 166.8M bytes of available disk space (30% usage)
boot is using 41.5M out of 69.5M bytes of available disk space (63% usage)
application-log is using 494.0M out of 513.0M bytes of available disk space (96% usage)
MainApp B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500 Running
AnalysisEngine BE-BEAU_E4_2010_MAR_25_02_09_7_0_2 (Ipsbuild) 2010-03-25T02:11:05-0500 Running
CollaborationApp B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500 Running
CLI B-BEAU_2009_OCT_15_08_07_7_0_1_111 (Ipsbuild) 2009-10-15T08:09:06-0500
Upgrade History:
* IPS-engine-E4-req-7.0-2 16:27:30 UTC Mon Jun 07 2010
Note:- You must upgrade IPS 7.0(2)E3 to IPS 7.0(2)E4 using the engine upgrade file (IPS-engine-E4-req-7.0-2.pkg) because you are upgrading the engine only. You cannot use the IPS-K9-7.0-2-E4.pkg upgrade file to upgrade from 7.0(2)E3 to 7.0(2)E4. Engine updates may or may not cause the sensor to reboot.
http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/21671_01.html#wp1235012
Regards,
Saurabh
06-08-2010 12:40 PM
Saurabh;
The virus update has been removed as it is no longer an actively updated component of the IPS software. It was utilized through a joint effort with Trend Micro and managed through the Cisco Incident Control Server which is no longer available. So, it will no longer be present in future versions of the software.
Scott
06-08-2010 07:27 PM
Thanks Scott......
Regards,
Saurabh
08-23-2010 03:57 AM
Hi All,
Please let me how to upgrade IPS from E1 to E4, also let me what are recomended upgrade, procedures and file names. Please provide link to documents to refer.
I am planning for 7.0(4)E4 or 7.0(2)E4
CSS_SSM# sh version [2C
Application Partition:
Cisco Intrusion Prevention System, Version 6.0(2)E1
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S292.0 2007-06-27
Virus Update V1.2 2005-11-24
OS Version: 2.4.30-IDS-smp-bigphys
Platform: ASA-SSM-10
Serial Number: XXXXXXXX
Trial license, expires: XXXXXXXXXX
Sensor up-time is XX days.
Using 671711232 out of 1032577024 bytes of available memory (65% usage)
system is using 14.1M out of 29.0M bytes of available disk space (51% usage)application-data is using 34.2M out of 166.8M bytes of available disk space (24% usage)boot is using 37.8M out of 68.6M bytes of available disk space (58% usage)
MainApp 2007_MAR_29_14_06 (Release) 2007-03-29T14:44:36-0600 Running
AnalysisEngine 2007_MAR_29_14_06 (Release) 2007-03-29T14:44:36-0600 Running
CLI 2007_MAR_29_14_06 (Release) 2007-03-29T14:44:36-0600
Upgrade History:
* IPS-K9-6.0-2-E1 08:36:00 UTC Thu Mar 29 2007
--MORE--
IPS-sig-S292-req-E1.pkg 00:20:05 UTC Tue Jul 03 2007
Recovery Partition Version 1.1 6.0(2)E1
--------RD
08-23-2010 04:02 AM
You should be able to download the 7.04(4)E4 upgrade package from cisco.com and upgrade directly.
The filename is: IPS-K9-7.0-4-E4.pkg
The upgrade process is outlined in the release notes:
http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.html
Scott
08-23-2010 05:00 AM
Hi Scott,
Thnx for reponse. Can you plese confirm if E1 to E4 direct upgrade is possible or I need to upgrade E1-->E2-->E3-->E4. Also if i need to check memory for the same like what we check for router and switch.
relese notes says
1) The minimum required version for upgrading to 7.0(2)E4 is 5.1(8)E2 or later.
2) You cannot upgrade 7.0(2)E3 to 7.0(2)E4 using the IPS-K9-7.0-2-E4.pkg upgrade file. You must use
the engine update file, IPS-engine-E4-req-7.0-2.pkg.
Basicaly I am strugling in choosing exact file which need to upgrade.
------RD
08-23-2010 05:07 AM
RD;
There is no need to upgrade through each successive analysis engine
update (in fact, it is not easily possible). You should be able to
simply apply the 7.0(4)E4 upgrade package over your 6.0(2)E1
installation. There is also no need to check memory, as memory is not
expandable in Cisco's IPS products. You only need verify that the
platform in question (AIP-SSM-10 in your case) is supported by the
version of software you are wanting to upgrade (7.0(4)E4 does support
the AIP-SSM-10) as listed here:
http://www.cisco.com/en/US/docs/security/ips/7.0/release/notes/22789_01.html#wp1272124
Scott
08-23-2010 05:29 AM
I read minimum requirement which is 5.1(8) E3, here I am confused.
08-23-2010 05:32 AM
As you are running 6.0(2), you are ahead of the 5.1(8) minimum requirement.
Scott
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide