cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
389
Views
0
Helpful
0
Comments
Siddharth Chandrachud
Cisco Employee
Cisco Employee

Troubleshooting IPS Auto-updates:

_________________________________________________________________________________________________

This document explains how to troubleshoot the issue of IPS not auto-updating the signatures.

1. From IME or IDM:  

   Configuration> sensor management> auto/cisco.com update


   On the page: Click enable signatures and engine updates from cisco.com

   Type your cisco.com username and password. Make sure the credentials are correct.


   The cisco.com url should be set to: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl

   Notice the " // " after the ip address. This is correct and make sure the url is exactly the same.

2. Make sure there is an exception on the firewall that allows connections to port 443 and port 80.

    The reason for this is IPS will make two connections when doing auto-updates

       

        1) to origin-www.cisco.com:443 to check the repository and
        2) to software-sj.cisco.com:80 to download any available updates.  
        origin-www.cisco.com.443 - 198.133.219.25:443 
        software-sj.cisco.com.80 - 198.133.219.243:80



3. After making sure 1 & 2 are verified then we can test auto update:

    Do a " show clock " in the cli, note down the time and then set the time for auto/update a min after that.

    Check the Frequency: 'hourly ' Start time: a couple of mins later that the current time seen in 'show clock'



4. Open a cli session, and type " show stat host " in the output, there is a section : " Auto update statistics "

    This will show if the update went successful.

       Auto Update Statistics 
       lastDirectoryReadAttempt = 14:46:24EST Wed Nov 18 2009
       = Read directory: https://198.133.219.25//cgi-bin/front.x/ida/locator/locator.pl
       = Success:No installable auto update package found on server lastDownloadAttempt <--
       = 20:41:35 EST Fri Nov 13 2009 lastInstallAttempt
       = 20:42:50 EST Fri Nov 13 2009 nextAttempt = 15:46:20 EST Wed Nov 18 2009  

5. You can also manually update the signatures by downloading them to your p.c and then using FTP to transfer it over.

    Download link: http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=278875311

    Procedure:      http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_system_images.html#wp1088688

6. Make sure you are running the latest analysis engine update in your IPS software (indicated by the E# designator in the version string).

    Signature updates are written for a specific analysis engine release and  require the same analysis engine as indicated in the signature update file name (IPS-sig-Sxxx-req-E#.pkg).

    IPS system, engine, and signature software from Cisco.com:

    http://www.cisco.com/go/ips=> Download Software

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Quick Links