Signature Update S601 Pulled From Cisco.com

nicksmi
Cisco Employee

Due to a bug in IPS software versions prior to 7.0.6, it is not advised to apply signature updates past S601 without having upgraded to 7.0.6 first. This issue is being tracked as CSCtn23051. If a customer has applied S601 without problems, there is no issue beyond having to upgrade to 7.0.6 to apply updates S602 and later. If you have not applied S601 yet, it is advised to upgrade to 7.0.6 before applying update S602 and later.

Thank you for your patience and understanding in this matter.

Nicholas Smith

Cisco IPS Signature Team

22 Replies

Thanks for the tip on the hw-module command that saved me a trip to one of our remote sites …

hartkl5277
Beginner

One thing I have noticed in this thread is the only help being provided is from the community. NICKSMI seems to be the only Cisco representative responding to this thread and his comments make it sound like it is our fault for not running the latest update. But nowhere in the release notes of S601 does it say it only supports 7.0.5 and above. After a couple of days of this you would think that someone within Cisco would be able to supply some answers besides upgrade to 7.0.6. Some of us cannot because the S601 update screwed up the systems that bad. It would be nice just to hear Cisco admit that they screwed up on this one but here is what you can do to recover. Come on and man up.

m.vuckovic
Beginner

A lot of work to do.

It seems that upgrades work OK but I have problems with one IPS 4240 device which hangs. All other non-problematic devices are ASA-AIP type.

Any ideas why IPS?

Thanks and best regards,

Marko

I had to open a TAC case because one of our AIP-SSM’s license files was corrupted. The other three AIP-SSMs I was able to fix, and one of the suggestions was to use the session command from the firewall, which saved me a trip out to a remote site to do a reboot manually (like unplug the unit from the FW). Someone posted a note about resetting the IPS 4250 appliances from the console port, which would be a good idea to try if you haven’t done so already.

All in all this issue cost me a couple of days of productive work. And I agree that the guys from Cisco on this page pretty much came across as blaming us as end users for not upgrading to the latest code. I mean we were a couple of revs back on 7.02 (e4) still in the same train of code; so I thought those comments were completely inappropriate especially since there was no prior warning or major service bulletin on the security bulletin that is emailed out; like the one I just received on S603 a few minutes ago. In other words, that is how you need to warn customers about major code bugs like this … that guy was acting like a corporate parrot, puppet and tool for blaming the customers. I know he pissed off a lot of customers.

Thank you very much for your comments. It seems that IPS 4240 is the only device that is having a problem, at least in my case. One sleepless night and tomorrow I'll open the case. For me the whole week is strange, so I'm in kind of a 'just think positive' mantra, but I can understand the frustration of many of you.

austin0824
Beginner

Hi Nick,

I am currently running IDSM-2 on version 7.0 (5a)E4. Fortunately, I did not run S601, but did run S600 and S602. However, I have noticed that my sensor health dashboard is showing as critical. The event retrieval is no longer working even though it is enabled. As a check, I am supposed to run event monitoring and reports daily. At the moment, I cannot carry out this function anymore. Is this issue connected to these ongoing post-S600 signature updates (even though I did not install S601)? What can I do to begin receiving these event logs?

Thanks

Hi. I had this same thing happen to my systems (AIP-SSMs). It required upgrading the code to 7.06 E4, and in one case (one AIP-SSM) I had to open a TAC case because the licensing file was corrupted by S601.

Hope this helps you plan a course of action.

Best regards,

Tom Wilcox

Network Administrator SSS III

California Department of Education

1430 N St.

Sacramento, CA 95814

916-323-1565

twilcox@cde.ca.gov

Costin Vilcu
Beginner

Hi Nick,

What about 4215 sensors? The latest available software for those is 6.0(6). Should we push signatures newer than S600 on those?

Thank you,

Costin
