Cisco Cisco IPS 4255 Sensor
18
Release Notes for Cisco Intrusion Prevention System 6.0(1)E1
OL-8827-01
Upgrading to Cisco IPS 6.0(1)E1
Caution
Reimaging using the CD or system image file restores all configuration defaults.
•
In 6.0(1)E1, you will receive messages indicating the you need to install a license. The sensor
functions properly without a license, but you will need a license to install signature updates.
functions properly without a license, but you will need a license to install signature updates.
•
Upgrading from 5.x to 6.0(1)E1 preserves the configuration of the sensor. The upgrade may stop if
it comes across a value that it cannot translate. If this occurs, the resulting error message provides
enough information to adjust the parameter to an acceptable value. After editing the configuration,
try the upgrade again.
it comes across a value that it cannot translate. If this occurs, the resulting error message provides
enough information to adjust the parameter to an acceptable value. After editing the configuration,
try the upgrade again.
•
After you upgrade from 5.x to 6.0(1)E1, you cannot downgrade using the downgrade command. If
you want to return to the previous version, you must reimage your sensor and then copy the backup
configuration from a remote server to the reimaged sensor. You cannot use the downgrade command
to downgrade from 6.0(1)E1 to 5.1.
you want to return to the previous version, you must reimage your sensor and then copy the backup
configuration from a remote server to the reimaged sensor. You cannot use the downgrade command
to downgrade from 6.0(1)E1 to 5.1.
•
After you upgrade any IPS software on your sensor, you must restart the IDM to see the latest
software features.
software features.
•
You receive SNMP errors if you do not have the read-only-community and read-write-community
parameters configured before upgrading to IPS 6.0(1)E1. If you are using SNMP set and/or get
features, you must configure the read-only-community and read-write-community parameters
before upgrading to IPS 6.0(1)E1. In IPS 5.x, the read-only-community was set to public by default,
and the read-write-community was set to private by default. In IPS 6.0(1)E1 these two options do
not have default values. If you were not using SNMP gets and sets with IPS 5.x (for example,
enable-set-get was set to false), there is no problem upgrading to IPS 6.0(1)E1. If you were using
SNMP gets and sets with IPS 5.x (for example, enable-set-get was set to true), you must configure
the read-only-community and read-write-community parameters to specific values or the IPS
6.0(1)E1 upgrade fails. You receive the following error message:
parameters configured before upgrading to IPS 6.0(1)E1. If you are using SNMP set and/or get
features, you must configure the read-only-community and read-write-community parameters
before upgrading to IPS 6.0(1)E1. In IPS 5.x, the read-only-community was set to public by default,
and the read-write-community was set to private by default. In IPS 6.0(1)E1 these two options do
not have default values. If you were not using SNMP gets and sets with IPS 5.x (for example,
enable-set-get was set to false), there is no problem upgrading to IPS 6.0(1)E1. If you were using
SNMP gets and sets with IPS 5.x (for example, enable-set-get was set to true), you must configure
the read-only-community and read-write-community parameters to specific values or the IPS
6.0(1)E1 upgrade fails. You receive the following error message:
Error: execUpgradeSoftware : Notification Application “enable-set-get” value set to
true, but “read-only-community” and/or “read-write-community” are set to null. Upgrade
may not continue with null values in these fields.
•
IPS 6.0(1)E1 denies high risk events by default. This is a change from 5.x. To change the default,
create an event action override for the deny packet inline action and configure it to be disabled.
create an event action override for the deny packet inline action and configure it to be disabled.
For More Information
•
For more information on running the setup command, refer to
•
For the procedures for reimaging the sensor, refer to
•
For the procedure for obtaining and installing the sensor license, see
.
•
For information about SNMP values that must be configured before upgrading from 5.x to 6.0(1)E1,
see
see
•
For the procedure for restoring the configuration file, see
.
•
For more information on configuring SNMP, for the CLI procedure, refer to
. For
the IDM procedure, refer to
•
For the procedure for configuring event action overrides, for the CLI procedure, refer to