Security Intelligence Feeds not updating

GTrzaska · ‎01-19-2022

Hello,

I have taken over the job of managing the Cisco Firewall at a company. It seems that the last person has not been updating the firewall correctly.

Under 'Security Intelligence' I am receiving a 'Cisco Intelligence Feed' and 'Cisco-Dns-and-Url-Intelligence-Feed' that have not been updated since 2020-12-18!!!

I SSHd into the machine, and was able to complete all steps (receiving smiley face, able to ping, resolve, and so on).

Unfortunately it still is showing a date over a year ago.

All licenses are up to date, system is running 6.6.5. Can someone please point me in the right direction so I can wipe this off the list of mistakes?

Thank you very much!

Rob Ingram · ‎01-19-2022

@GTrzaska how is the device managed? Centrally via FMC or locally via FDM?

If via FMC, ensure the FMC has internet access. You then go to updates (System > Updates > Product Updates) and update the rules - this can also be scheduled in future (System > Tools > Scheduling)

If using FDM goto Updates on the main page, click Update from Cloud. You can also schedule, click edit to create a schedule.

Marvin Rhoads · ‎01-20-2022

SI updates normally happen every 2 hours by default. They are separate from product and rule updates. Check under the Objects for the feed objects and ensure the update frequency has not been set to "none".

If that looks OK, then check DNS resolution from the management interface (e.g., "ping system tools.cisco.com" - making sure to use the "system" keyword).