Cisco Cisco IPS 4255 Sensor
19
Release Notes for Cisco Intrusion Prevention System 6.0(6)E4
OL-21669-01
Upgrading to Cisco IPS 6.0(6)E4
•
For supported sensors, use the IPS-K9-6.0-6-E4.pkg upgrade file. For AIM-IPS, use
IPS-AIM-K9-6.0-6-E4.pkg
IPS-AIM-K9-6.0-6-E4.pkg
•
The sensor goes in to the configured bypass mode during the update as the inspection software is
stopped, replaced, and restarted. The sensor automatically exits bypass mode and resumes traffic
inspection upon completion of the new inspection software startup and configuration. The engine
update procedure normally installs the update without rebooting the sensor. However, if an error is
detected during the update, the installation process attempts to reboot the sensor in order to leave
the sensor in an operational state.
stopped, replaced, and restarted. The sensor automatically exits bypass mode and resumes traffic
inspection upon completion of the new inspection software startup and configuration. The engine
update procedure normally installs the update without rebooting the sensor. However, if an error is
detected during the update, the installation process attempts to reboot the sensor in order to leave
the sensor in an operational state.
•
When you upgrade the AIM IPS, you must disable heartbeat reset on the router before installing an
upgrade. You can reenable heartbeat reset after you complete the upgrade. If you do not disable
heartbeat reset, the upgrade can fail and leave the AIM IPS in an unknown state, which may require
a system reimage to recover.
upgrade. You can reenable heartbeat reset after you complete the upgrade. If you do not disable
heartbeat reset, the upgrade can fail and leave the AIM IPS in an unknown state, which may require
a system reimage to recover.
•
After you upgrade any IPS software on your sensor, you must restart the IDM to see the latest
software features.
software features.
•
If you try to upgrade a 5.1(8) sensor to 6.0(6)E4, you may receive an error that Analysis Engine is
not running:
not running:
sensor# upgrade scp://user@10.1.1.1/upgrades/IPS-K9-6.0-6-E4.pkg
Password: ********
Warning: Executing this command will apply a major version upgrade to the application
partition. The system may be rebooted to complete the upgrade.
Continue with upgrade?: yes
Error: Analysis Engine is not running. Please reset box and attempt upgrade again.
If you receive this error, you must get Analysis Engine running before trying to upgrade again. This
error is often caused by a defect in the currently running version. Try rebooting the sensor, and after
reboot, run the setup command and remove the interfaces from the virtual sensor vs0. When it is not
monitoring traffic, Analysis Engine usually stays up and running. You can upgrade to 6.0(6)E4 at
this time. After the upgrade to IPS 6.0(6)E4, add the interfaces back to the virtual sensor vs0 using
the setup command.
error is often caused by a defect in the currently running version. Try rebooting the sensor, and after
reboot, run the setup command and remove the interfaces from the virtual sensor vs0. When it is not
monitoring traffic, Analysis Engine usually stays up and running. You can upgrade to 6.0(6)E4 at
this time. After the upgrade to IPS 6.0(6)E4, add the interfaces back to the virtual sensor vs0 using
the setup command.
Or you can use the system image file to reimage directly to IPS 6.0(6)E4. You can reimage a 5.x
sensor to 6.0(6)E4 because the reimage process does not check to see if Analysis Engine is running.
sensor to 6.0(6)E4 because the reimage process does not check to see if Analysis Engine is running.
Caution
Reimaging using the system image file restores all configuration defaults.
•
When you upgrade to 6.0(6)E4 the sensor configuration settings are maintained, but all data written
to Event Store and any unsupported customizations are lost.
to Event Store and any unsupported customizations are lost.
The upgrade may stop if it comes across a value that it cannot translate. If this occurs, the resulting
error message provides enough information to adjust the parameter to an acceptable value. After
editing the configuration, try the upgrade again.
error message provides enough information to adjust the parameter to an acceptable value. After
editing the configuration, try the upgrade again.
•
As with all upgrades, we strongly recommend that you save a copy of the current configuration
settings of the sensor to an FTP server before upgrading your sensor.
settings of the sensor to an FTP server before upgrading your sensor.
•
You cannot uninstall this service pack. To return to the previous version of the sensor, you must
reimage the sensor and then upgrade (if necessary) to return it to the previous version. You can then
reapply the configuration settings from your saved copy.
reimage the sensor and then upgrade (if necessary) to return it to the previous version. You can then
reapply the configuration settings from your saved copy.
•
In 6.0(6)E4, you will receive messages indicating the you need to install a license. The sensor
functions properly without a license, but you will need a license to install signature updates.
functions properly without a license, but you will need a license to install signature updates.