Solved: Re: Two questions about upgrading sensor's software

g.rodegari · ‎06-10-2004

Hi,

my questions are:

- can I upgrade de recovery partition image for an IDS appliance from the IDS-MC?

- can I upgrade the signature version for an IDS appliance from IDM?

... or in both case I've to type the "upgrade" command from the cli of the sensor?

thnks,

Graz.

astuckey · ‎06-10-2004

You can upgrade the signature version from IDM. (Either with Configuration -> Auto Update or Administration -> Update).

View solution in original post

astuckey · ‎06-10-2004

You can upgrade the signature version from IDM. (Either with Configuration -> Auto Update or Administration -> Update).

marcabal · ‎06-10-2004

My understanding is that IDS MC can push:

1) Signature Updates

2) Service Pack Updates

3) Minor Version Updates

4) Major Version Updates

BUT can not push:

1) Recovery Partition Updates

2) Engineering Patches

IDM and the CLI can both be used to push:

1) Signature Updates

2) Service Pack Updates

3) Minor Version Updates

4) Major Version Updates

5) Recovery Partition Updates

6) Engineering Patches

The Sensor's Auto Update feature (configurable through IDM and CLI) can pull:

1) Signature Updates

2) Service Pack Updates

3) Minor Version Updates

4) Major Version Updates

BUT can not push:

1) Recovery Partition Updates

2) Engineering Patches

So the general question is why can IDS MC and the Auto Update feature not push Recovery Partion Updates and Engineering Patches.

This is because the Recovery Partition and Engineering Patches are only needed when trying debug issues on the sensor which in most cases require the user to have direct access to the sensor.

In which case the user is already using the CLI or IDM for debugging and can simply enter the upgrade command from there.

The Recovery Partition is only needed when the disk has been corrupted and a fresh image needs to be installed to match what was received from the factory. This is rarely required.

The sensor appliances come with a preloaded Recovery Partition that the user can choose to update if they want, but are not required to.

For example, lets say the Recovery and Application Partition both shipped with 4.0(1)S37 on the sensor.

In the meantime the sensor has been upgraded to 4.1(1) with Minor Update release, then upgraded to 4.1(4) with the Service Pack release, and then upgraded S94 with the Signature Update release.

If the sensor hits a catastrophic error the user may need to re-image the sensor.

If they recover the sensor it will recover back to 4.0(1)S37 and then they just need to manually load the Minor Update, Service Pack, and Signature Update.

If they didn't want to have to reload all of the updates again, they could have loaded a newer recovery image first at any time prior to the catastrophic failure. So in this case the user could have installed the 4.1(1) Recovery partion. It would not affect the application partition he was currently running (he could continure running 4.1(4)S94 and install the 4.1(4) Recovery partition).

If there were a catastrophic failure, the sensor coudl be recovered back to 4.1(1) and would only need to install the latest Service Pack and Signature Update to get it back to the recent version.

We generally only release new Recovery Partitions on new Minor and Major versions. But as I said you could upgrade to the new Major or Minor without upgrading the Recovery Partition.

(In fact I would recommend it, because if there is an issue after the Major or Minor upgrade you might need to recover back to the older version stored in the Recovery Partition).

Engineering Patches are generally used only when problems are being seen, and are generally only applied to the sensor experiencing the problem.

So Recovery Partition updates, and Engineering Patches were originally not intended to be updated through either IDS MC or the Auto Update feature.

However, since the release of 4.1 we have received enhancement requests to allow IDS MC and Auto Update to install Recovery Partition Updates and Engineering Patches. So this has been marked as an enhancement and could be changed in a future version release of the sensor and/or IDS MC.

g.rodegari · ‎06-10-2004

Hi,

very detailed!

thank you very much!

G.

rmeldau · ‎06-11-2004

My recovery partition is at 4.1(1) S47. My sensor is at 4.1(4) S95. I would like to change the recovery partition to that level. How do I do that?

Is this something I download from Cisco or just copy on my sensor? Thanks.

marcabal · ‎06-11-2004

The Recovery Partition Images are generally only created with Major or MInor release.

4.1(1) was the last Minor release, so your recovery partition at 4.1(1) would already be at the latest recover image.

Every once in awhile there will be an exception.

Right now there is a an exception to this rule for the IDS-4215. The IDS-4215 original 4.1(1) image had a bug which prevented it from working with some of the new compact flash cards that manufacturing was starting to use. So we had to generate a new Recovery Partition Image for the IDS-4215 for 4.1(4).

So only if you have the IDS-4215 you can upgrade your Recovery Image to 4.1(4).

The 4.1(4) Recovery partition image for the IDS-4215

and the 4.1(1) Recovery partition image for the other IDS-42xx appliances can be downloaded from CCO at this location:

http://www.cisco.com/cgi-bin/tablebuild.pl/ids4-app-recovr

To install the recovery partition image you use the CLI's upgrade command just like installing Signature and other updates on the sensor.

You can look at directions in one of the readmes for the signature updates for how to use the upgrade command.