Via the GUI
Go to Configuration => Sensor Management => Auto/Cisco.com Update
Ensure that "Enable Signature and Engine Updates from Cisco.com" is checked
Ensure that all fields have the correct information/passwords
Via the CLI
Enter the command
show statistics host | beg Auto Update
A successful update will look like this:
Auto Update Statistics
   lastDirectoryReadAttempt = 12:55:19 EST Thu Jul 22 2010
    =   Read directory: http://<url>
    =   Success
   lastDownloadAttempt = 12:55:20 EST Thu Jul 22 2010
    =   Download: http://<url>
    =   Success
   lastInstallAttempt = 12:57:42 EST Thu Jul 22 2010
    =   IPS-sig-S502-req-E4: Update completed successfully
    =   Success
   nextAttempt = 12:55:22 EST Fri Jul 23 2010
An unsuccessful update will list the cause of the failure. Often it is something like "HTTP request failed", indicating that return traffic to the sensor was blocked by a firewall or proxy server.
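As an added example (not part of the original page or of Cisco's tooling), the Python below parses a saved copy of the Auto Update Statistics block and reports the first stage that did not end in Success. Both samples are constructed; the one-field-per-line layout and the wording of the failure line are assumptions.

```python
import re

# Constructed samples; SAMPLE_FAIL's error wording and layout are assumptions.
SAMPLE_OK = """\
Auto Update Statistics
   lastDirectoryReadAttempt = 12:55:19 EST Thu Jul 22 2010
    =   Read directory: http://<url>
    =   Success
   lastDownloadAttempt = 12:55:20 EST Thu Jul 22 2010
    =   Download: http://<url>
    =   Success
   lastInstallAttempt = 12:57:42 EST Thu Jul 22 2010
    =   IPS-sig-S502-req-E4: Update completed successfully
    =   Success
   nextAttempt = 12:55:22 EST Fri Jul 23 2010
"""
SAMPLE_FAIL = """\
Auto Update Statistics
   lastDirectoryReadAttempt = 12:55:19 EST Thu Jul 22 2010
    =   Read directory: http://<url>
    =   Error: HTTP request failed
   nextAttempt = 13:55:19 EST Thu Jul 22 2010
"""
STAGES = ("lastDirectoryReadAttempt", "lastDownloadAttempt", "lastInstallAttempt")

def parse_auto_update(text):
    """Return {field: [value, detail, status]} for the Auto Update section."""
    fields, current, in_section = {}, None, False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Auto Update Statistics"):
            in_section = True
        elif in_section and s.startswith("=") and current:
            fields[current].append(s.lstrip("= \t"))  # detail or status line
        elif in_section and s:
            m = re.match(r"(\w+)\s*=\s*(.*)", s)
            if not m:
                break  # a line without "key = value" starts the next section
            current = m.group(1)
            fields[current] = [m.group(2)]
    return fields

def first_failure(fields):
    """Return (stage, timestamp, cause) for the first failed stage, else None."""
    for stage in STAGES:
        vals = fields.get(stage, [])
        if len(vals) >= 2 and vals[-1] != "Success":
            return stage, vals[0], vals[-1]
    return None
```

The stage that fails first tells you where to look: a directory read or download failure points at the network path between the sensor and the update servers, while an install failure points at the sensor itself.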
First, run the packet display command below in the CLI to make sure that you don't see any non-interesting traffic. Then check the current time on the sensor with the show clock command, and in the GUI, set Automatic Updates to happen 2 minutes from that time, every 1 hour. In the CLI, make sure that the packet display command is running, and log the output. You should see TCP port 443 traffic to the AU control servers, followed by TCP port 80 traffic to the actual update servers.
packet display <management interface> expression not host <management host>
Here, the management host includes all hosts connecting to the sensor via IDM, IME, MARS, or the CLI. The traffic we expect to see is described in How GC Works.