Re: Signatur updates for Cisco IPS 4510

mraliisahin · ‎08-20-2012

Hi there.

I one question to all cisco IDS/IPS professionals. If the management port only accept inbound traffic how can I then activate my Cisco 4510 IPS appliance to get automatically signature updates from cisco.com ? That one requires outbound traffic too.

Thanks.

.

Karsten Iwen · ‎08-20-2012

You Management0/0-port only supports "to-the-box" traffic which means that you can't use that port for an inline pair or a vlan-pair. But with the IP on that port configured, you can not only connect to your sensor, the sensor can also initiate connection to the rest of the network and so you can reach your update-destionations.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

mraliisahin · ‎08-20-2012

I already configured ip address ón my management port. Will thar mean that it should be possible to inititativet trafficking from that port ?

Sent from Cisco Technical Support iPhone App

Karsten Iwen · ‎08-20-2012

Yes, you can try it from CLI with the "copy"-command and a local FTP-Server. If your IP-settings are correct, then it should work.

Sent from Cisco Technical Support iPad App

mraliisahin · ‎08-21-2012

Hi Karsten,

I cannot test with FTP because I dont have any FTP servers availeble. But when try to get updates from

https://72.163.4.161//cgi-bin/front.x/ida/locator/locator.pl I dont see any outbound traffic from my IPS appliance. Are you sure about that the management interface can intiate outbound traffic ?

Karsten Iwen · ‎08-21-2012

From the console you can ping and traceroute to test the reachability. Have you double-checked your IP-settings with the Default-Gateway for the sensor? It really should work that way.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni