11-03-2001 07:17 AM - edited 03-08-2019 09:03 PM
Hello. I've got one 4210 sensor (V2.5.0.102), one 4230 sensor (V3.0(1)S4 Modified), and one CSPM (V2.3.0 Build 2335). I've configured the CSPM such that I am receiving and communicating via V2.5.0 with the 4210 sensor, but I'm unable to communicate from the CSPM to the 4230 sensor. I don't have the option on the CSPM to select V3.0(1)S4 for communication with the 4230. Can someone please advise me the correct steps to take to get all on the latest and greatest? Is order significant? What's the minimum I need to do to begin communicating properly with the 4230?
Thanks in advance!
11-03-2001 10:36 AM
Simply upgrade CSPM with the new signature files for v3.0(1)S4. They are available from Cisco.com under the IDS Appliance Software center. Download the ZIP - extract and run the update sensor files from the tool menu. Don't select a specific sensor just click next and follow the update procedure. This will allow you to select V3.0(1)S4 from the pull down menu for the 4230 Sensor.
Keep in mind that the CSPM signature update files are not the same as the signature update files for the Sensor (.bin vs .zip/exe)
This will update CSPM to match the 4230 sensor signature file.
11-03-2001 11:17 AM
Thanks for the timely feedback. That clarifies it for me!
11-04-2001 08:51 PM
I would also recommend upgrading to the latest version of CSPM v2.3.3i.
11-08-2001 09:10 PM
The 4230 should communicate to CSPM even if the software is not matched perfectly . Start with the basics. Can you ping for cspm to 4230. If not login as root and type ifconfig /dev/swpr0
This is the management int and should have the correct ip info on it from when you ran sysconfig-sensor.
If that is OK double check your post office settings on both ends. Then reload the 4230.
11-09-2001 07:41 AM
/dev/spwr0 is the sniffing interface
/dev/iprb0 is the management interface
The best option is still to upgrade CSPM to the latest version (v2.3.3i) first, then configure it to see the correct sensor version from the beginning. This is a much cleaner approach than mixing versions between CSPM and the sensor.
11-09-2001 10:00 AM
FYI
The user HAS to have at least version 2.3.2i of CSPM to communicate with a version 3.0(1)S4 sensor. If the S level is higher than S4 then the same S level signature update also HAS to be applied to the CSPM machine.
So when upgrading your sensors, you also have to upgrade your CSPM.
Latest sensor: 3.0(2)S10
Latest CSPM: v2.3.3i with S10 signature udpate
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide