Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1926
Views
0
Helpful
6
Replies

IPS module will not download signature updates.

Go to solution
rosswmerrifield
Level 1
Level 1

‎11-26-2012 03:26 PM - edited ‎03-10-2019 05:50 AM

Hello all,

I have a Cisco ASA 5512-X with the IPS module/processor. I am trying to get the device to download signature updates but am encountering problems. I have entered a valid cisco.com user account into the GUI to enable this feature, but the updates never actually download.

Is there a way to manually apply the signature updates?

why won't the updates download automatically? The device can ping public servers such as 8.8.8.8

Please let me know if there is smoehting I am doing wrong, or if you would like configuration details/show command out put etc. Everything else seems to be working fine, traffic is actively being passed through the sensor.

Thank you very much,

-Ross Merrifield

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hausherrs
Level 1
Level 1
In response to rosswmerrifield

‎11-28-2012 08:45 AM

The IPS management address needs to be able to get to the internet. So make sure routing is in place. There is not a way to get it use any other interfaces, that I am aware of.

Thanks,

Steven

View solution in original post

0 Helpful
6 Replies 6

Go to solution
hausherrs
Level 1
Level 1

‎11-27-2012 11:48 AM

Updates take place over port 80. You should make sure that port 80 is open between the sensor and the internet. If you have a web filter such as Websense or some sort of internet proxy the port 80 updates will probably be blocked. You need to exempt the sensor in the firewall rule that sends all http requests to Websense for permission or put a rule in the websense to allow the sensor.

Thanks,

Steven

0 Helpful

Go to solution
rosswmerrifield
Level 1
Level 1
In response to hausherrs

‎11-28-2012 08:34 AM

Port 80 is not blocked. Do the updates download through the management interface only or can they be downloaded from any interface? In my current setup, the management interface cannot route to the internet. Only one of the GE interfaces can communicate over the internet.

0 Helpful

Go to solution
hausherrs
Level 1
Level 1
In response to rosswmerrifield

‎11-28-2012 08:45 AM

The IPS management address needs to be able to get to the internet. So make sure routing is in place. There is not a way to get it use any other interfaces, that I am aware of.

Thanks,

Steven

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎11-28-2012 05:48 PM

Hello Ross,

what DNS server are you using?

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
rosswmerrifield
Level 1
Level 1
In response to Julio Carvajal

‎11-28-2012 06:04 PM

DNS server is google (8.8.8.8)

Routing was the issue. This thread can be closed.

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to rosswmerrifield

‎11-28-2012 07:54 PM

Great..

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card