Cisco Cisco IPS 4255 Sensor
19
Release Notes for Cisco Intrusion Prevention System 7.0(2)E4
OL-21671-01
Upgrading to Cisco IPS 7.0(2)E4
Upgrading to Cisco IPS 7.0(2)E4
This section provides information on upgrading to Cisco IPS 7.0(2)E4, and contains the following
topics:
topics:
•
•
Upgrade Notes and Caveats
The following upgrade notes and caveats apply to upgrading your sensor to IPS 7.0(2)E4:
•
You must have a valid Cisco Service for IPS Maintenance contract per sensor to receive and use
software upgrades from Cisco.com.
software upgrades from Cisco.com.
•
The minimum required version for upgrading to 7.0(2)E4 is 5.1(8)E2 or later.
•
Use IPS-AIM-K9-7.0-2-E4.pkg to upgrade the AIM IPS and IPS-NME-K9-7.0-2-E4 to upgrade the
NME IPS. For all other supported sensors, use the IPS-K9-7.0-2-E4.pkg upgrade file.
NME IPS. For all other supported sensors, use the IPS-K9-7.0-2-E4.pkg upgrade file.
•
You cannot upgrade 7.0(2)E3 to 7.0(2)E4 using the IPS-K9-7.0-2-E4.pkg upgrade file. You must use
the engine update file, IPS-engine-E4-req-7.0-2.pkg.
the engine update file, IPS-engine-E4-req-7.0-2.pkg.
•
The sensor goes in to the configured bypass mode during the update as the inspection software is
stopped, replaced, and restarted. The sensor automatically exits bypass mode and resumes traffic
inspection upon completion of the new inspection software startup and configuration. The engine
update procedure normally installs the update without rebooting the sensor. However, if an error is
detected during the update, the installation process attempts to reboot the sensor in order to leave
the sensor in an operational state.
stopped, replaced, and restarted. The sensor automatically exits bypass mode and resumes traffic
inspection upon completion of the new inspection software startup and configuration. The engine
update procedure normally installs the update without rebooting the sensor. However, if an error is
detected during the update, the installation process attempts to reboot the sensor in order to leave
the sensor in an operational state.
•
After you upgrade any IPS software on your sensor, you must restart the IDM to see the latest
software features.
software features.
•
Using automatic update:
–
If you are using automatic update with a mixture of AIM IPS, NME IPS, and other IPS
appliances or modules, make sure you put both the 7.0(2)E4 upgrade file
(IPS-K9-7.0-2-E4.pkg), the AIM IPS upgrade file (IPS-AIM-K9-7.0-2-E4.pkg), and the
NME IPS upgrade file (IPS-NME-K9-7.0-2-E4) on the automatic update server so that the
AIM IPS and the NME IPS can correctly detect which file needs to be downloaded and installed.
If you only put the 7.0(2)E4 upgrade file (IPS-K9-7.0-2-E4.pkg) on the server, the AIM IPS and
the NME IPS will download and try to install the wrong file.
appliances or modules, make sure you put both the 7.0(2)E4 upgrade file
(IPS-K9-7.0-2-E4.pkg), the AIM IPS upgrade file (IPS-AIM-K9-7.0-2-E4.pkg), and the
NME IPS upgrade file (IPS-NME-K9-7.0-2-E4) on the automatic update server so that the
AIM IPS and the NME IPS can correctly detect which file needs to be downloaded and installed.
If you only put the 7.0(2)E4 upgrade file (IPS-K9-7.0-2-E4.pkg) on the server, the AIM IPS and
the NME IPS will download and try to install the wrong file.
–
When you upgrade the AIM IPS or the NME IPS using automatic update, you must disable
heartbeat reset on the router before placing the upgrade file on your automatic update server.
After the AIM IPS and the NME IPS have been automatically updated, you can reenable
heartbeat reset. If you do not disable heartbeat reset, the upgrade can fail and leave the AIM IPS
and the NME IPS in an unknown state, which can require a system reimage to recover.
heartbeat reset on the router before placing the upgrade file on your automatic update server.
After the AIM IPS and the NME IPS have been automatically updated, you can reenable
heartbeat reset. If you do not disable heartbeat reset, the upgrade can fail and leave the AIM IPS
and the NME IPS in an unknown state, which can require a system reimage to recover.
–
If you are using automatic update from an FTP or SCP server with a mixture of platforms that
are supported by IPS 7.0(2)E4 as well as platforms that are not supported by IPS 7.0(2)E4, we
recommend that you create a separate automatic update directory 7.0(2)E4 files. Modify the
automatic update configuration for sensors supporting IPS 7.0(2)E4 to point to the new
directory. Placing the 7.0(2)E4 files in the automatic update directory for those sensors not
supporting IPS 7.0(2)E4 results in those sensors constantly downloading the update and
generating errors during the attempted update.
are supported by IPS 7.0(2)E4 as well as platforms that are not supported by IPS 7.0(2)E4, we
recommend that you create a separate automatic update directory 7.0(2)E4 files. Modify the
automatic update configuration for sensors supporting IPS 7.0(2)E4 to point to the new
directory. Placing the 7.0(2)E4 files in the automatic update directory for those sensors not
supporting IPS 7.0(2)E4 results in those sensors constantly downloading the update and
generating errors during the attempted update.