Via the GUI
Go to Configuration => Sensor Management => Auto/Cisco.com Update
Ensure that "Enable Signature and Engine Updates from Cisco.com" is checked
Ensure that all fields have the correct information/passwords
Via the CLI
Enter the command
show statistics host | beg Auto Update
A successful update will look like this:
Auto Update Statistics
   lastDirectoryReadAttempt = 12:55:19 EST Thu Jul 22 2010
    =   Read directory: http://<url>
    =   Success
   lastDownloadAttempt = 12:55:20 EST Thu Jul 22 2010
    =   Download: http://<url>
    =   Success
   lastInstallAttempt = 12:57:42 EST Thu Jul 22 2010
    =   IPS-sig-S502-req-E4: Update completed successfully
    =   Success
   nextAttempt = 12:55:22 EST Fri Jul 23 2010
An unsuccessful update will list the cause of the failure. Often it is something like "HTTP request failed", indicating that return traffic to the sensor was blocked by a firewall or proxy server.
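To check this output from a script rather than by eye, the following added example (not part of the original document or any Cisco tooling) parses the Auto Update Statistics block and reports each stage whose last result line is not "Success". The failing sample is constructed from the successful output above; the exact wording of the error line and the function names are assumptions.

```python
import re

# Constructed sample: layout copied from the successful output shown above,
# with the download stage changed to an assumed "HTTP request failed" result.
SAMPLE = """\
Auto Update Statistics
   lastDirectoryReadAttempt = 12:55:19 EST Thu Jul 22 2010
    =   Read directory: http://<url>
    =   Success
   lastDownloadAttempt = 12:55:20 EST Thu Jul 22 2010
    =   Download: http://<url>
    =   Error: HTTP request failed
   nextAttempt = 12:55:22 EST Fri Jul 23 2010
"""

STAGE = re.compile(r"^\s*(last\w+Attempt|nextAttempt)\s*=\s*(.+)$")
DETAIL = re.compile(r"^\s*=\s*(.+)$")

def parse_auto_update(text):
    """Return {stage: {"time": str, "details": [str, ...]}} in output order."""
    stages, current = {}, None
    for line in text.splitlines():
        m = STAGE.match(line)
        if m:
            current = m.group(1)
            stages[current] = {"time": m.group(2).strip(), "details": []}
            continue
        m = DETAIL.match(line)
        if m and current:
            # Continuation lines ("= ...") belong to the stage above them.
            stages[current]["details"].append(m.group(1).strip())
    return stages

def failed_stages(stages):
    """List (stage, reason) for every attempt whose final detail is not Success."""
    failures = []
    for name, info in stages.items():
        if name == "nextAttempt":
            continue  # schedule entry, carries no result line
        result = info["details"][-1] if info["details"] else "no result reported"
        if result != "Success":
            failures.append((name, result))
    return failures

if __name__ == "__main__":
    for stage, reason in failed_stages(parse_auto_update(SAMPLE)):
        print(f"{stage}: {reason}")
```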
First, run the packet display command below in the CLI and confirm that it shows no unrelated traffic. Then check the current time on the sensor with the show clock command and, in the GUI, set Automatic Updates to run 2 minutes from that time, every 1 hour. In the CLI, make sure that the packet display command is running, and log the output. You should see TCP port 443 traffic to the AU control servers, followed by TCP port 80 traffic to the actual update servers.
packet display <management interface> expression not host <management host>
Here, the management host includes all hosts connecting to the sensor via IDM, IME, MARS, or the CLI. The traffic we expect to see is described in How GC Works.