cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1418
Views
9
Helpful
19
Replies
Highlighted
Beginner

ISA550 IPS Configuration Issue

Hello

I`ve a Problem with the IPS Configuration on my ISA550 / FW 1.2.15. When setting some IPS Categorys only (Access Control & DDoS), seems after save the Configuration it lost all made settings and turn back to the default Setting "ALL".

Total Selected Signature number is allways 2038? Same Problem with choosing some OS Types. The made Configuration disapears after saving the Configuration. Many thanks for some Informations...

19 REPLIES 19
Highlighted
Contributor

Have you tried rebooting the device, then trying again to see if the issues come back?

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
Highlighted

Hello Shawn

Yes i`ve reboot the device and also disabling- enabling the IPS Service. Unfortunately still the same issue, none of the configurations will be set after saving.

Highlighted

How big of a deal would it be to backup the config, factory reset, and reapply the config? I'm hoping it's a programmatic issue that came from the original factory flash as opposed to a hardware issue or a bug.

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
Highlighted


Shawn

We are experiencing the same issue on a production unit.  Like felixth72 we have rebooted/disabled/enabled, all to no avail.  IPS is now turned off as it seems to slow throughput noticably.  We had hoped to tune performance by selecting just the signatures/OSs we wanted scanned.

I will try factory resetting and reapplying the config when there is a suitable maintenance window and let you know the result.

Highlighted

Hi Shawn

Factory Reset was done. Befor reapplying my Configuration i was just trying to set some IPS configuration. But the Issue still apears the same (to tell, without or with Configuration restore). Switching the Firmeware to 1.1.17 helps neither, still same Problem....

Highlighted

Sounds like it might be a bug. Would you both open a case with SMB TAC so they can identify it?

Sent from Cisco Technical Support iPhone App

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
Highlighted
Contributor

Very stupid question:

Have you tried another browser? I have similar issues with Chrome but not with IE

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
Highlighted

The only stupid question is the one not asked. 

Shawn Eftink CCNA/CCDA Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
Highlighted

Hi ciscomax

No stupid Question. Trying with IE8 on a XP Client, IE10, M.FireFox 21 & Chrome 27 on diffrent Win7 Clients. Also playing arround with the Security Settings from the diffrent Browsers. Sadly still same experience. 

I`ll open a SMB case and let you know the findings.

Highlighted

I'm hunting the bug with my Test ISA ... can reproduce your problem.

Download a diagnostic and search for ips.cgi, there should be a fcron error every 2 seconds after the entry, correct?

Also theres a script error (exit status 1) which could interruped the changed settings and would explain this behaviour.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
Highlighted

Hello ciscomax

What kind of diagnostic tool you are using for? Thank you for your informations.

Highlighted

Packet Capture

http://www.cisco.com/en/US/docs/security/small_business_security/isa500/administration/guide/ISA500_AG_OL-23370.pdf

Since you don't really know what it is, it would be better to send me the capture private.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
Highlighted

Hello Michael

Having soon a webex session with the Cisco SMB Support, they want have a look. I will let you know the results.

Highlighted

Hi,

Do you have specific steps to reproduce the issue ?

I tried with the following steps, i do not see any issue, maybe

a usability issue but not a capability/function issue:

I tried to disable all web attack category signatures

1) select web attack from category

2) click refresh button on the IPS gui

3) click to select all web attack related signatures

4) click edit

5) uncheck 'enable detection of selected signatures' to disable those signatures

    click ok for this pop up window

6) after clicking ok, i see that selected signatures become 'ALL' again instead of

    just web attack category ones, however, if you check web attack category again

    you will see that all those signatures are disabled

7) click save on IPS gui to save the change

8) check web attack category signatures

result, change is saved, all web attack related signatures are disabled

let me know your steps if it is not similar to mine.

Regards,

Wei