Cisco Cisco IPS 4255 Sensor
15
Release Notes for Cisco Intrusion Prevention System 7.0(8)E4
OL-26888-01
Upgrading to Cisco IPS
•
This service pack requires an automatic reboot of the sensor to apply the changes. Inline network
traffic will be disrupted during the reboot.
traffic will be disrupted during the reboot.
•
You cannot uninstall the 7.0(8)E4 service pack. You must reimage the sensor using a system image
file, which causes all configuration settings to be lost.
file, which causes all configuration settings to be lost.
•
After you upgrade any IPS software on your sensor, you must restart the IDM to see the latest
software features.
software features.
•
For supported sensors, use the IPS-K9-7.0-8-E4.pkg upgrade file. Use the following specific files
for these platforms:
for these platforms:
–
For the AIM IPS, use IPS-AIM-K9-7.0-8-E4.pkg.
–
For the NME IPS, use IPS-NME-K9-7.0-8-E4.pkg.
•
The Cisco.com IP address has been changed in the Auto Update configuration.
Caution
In IPS 7.0(8)E4 the default value of the Cisco server IP address has been changed from 198.133.219.25
to 72.163.4.161 in the Auto Update URL configuration. If you have automatic update configured on your
sensor, you may need to update firewall rules to allow the sensor to connect to this new IP address.
to 72.163.4.161 in the Auto Update URL configuration. If you have automatic update configured on your
sensor, you may need to update firewall rules to allow the sensor to connect to this new IP address.
•
Using automatic update:
–
If you are using automatic update with a mixture of AIM IPS, NME IPS, and other IPS
appliances or modules, make sure you put both the 7.0(8)E4 upgrade file
(IPS-K9-7.0-8-E4.pkg), the AIM IPS upgrade file (IPS-AIM-K9-7.0-8-E4.pkg), and the
NME IPS upgrade file (IPS-NME-K9-7.0-8-E4.pkg) on the automatic update server so that the
AIM IPS and NME IPS can correctly detect which file needs to be automatically downloaded
and installed. If you only put the 7.0(8)E4 upgrade file (IPS-K9-7.0-8-E4.pkg) on the server, the
AIM IPS and NME IPS will download and try to install the wrong file.
appliances or modules, make sure you put both the 7.0(8)E4 upgrade file
(IPS-K9-7.0-8-E4.pkg), the AIM IPS upgrade file (IPS-AIM-K9-7.0-8-E4.pkg), and the
NME IPS upgrade file (IPS-NME-K9-7.0-8-E4.pkg) on the automatic update server so that the
AIM IPS and NME IPS can correctly detect which file needs to be automatically downloaded
and installed. If you only put the 7.0(8)E4 upgrade file (IPS-K9-7.0-8-E4.pkg) on the server, the
AIM IPS and NME IPS will download and try to install the wrong file.
–
When you upgrade the AIM IPS or NME IPS using automatic update, you must disable
heartbeat reset on the router before placing the upgrade file on your automatic update server.
After the AIM IPS and NME IPS have been automatically updated, you can reenable heartbeat
reset. If you do not disable heartbeat reset, the update can fail and leave the AIM IPS and NME
IPS in an unknown state, which can require a system reimage to recover.
heartbeat reset on the router before placing the upgrade file on your automatic update server.
After the AIM IPS and NME IPS have been automatically updated, you can reenable heartbeat
reset. If you do not disable heartbeat reset, the update can fail and leave the AIM IPS and NME
IPS in an unknown state, which can require a system reimage to recover.
–
If you are using automatic update from an FTP or SCP server with a mixture of platforms that
are supported by IPS 7.0(8)E4 as well as platforms that are not supported by IPS 7.0(8)E4, we
recommend that you create a separate automatic update directory for the IPS 7.0(8)E4 files.
Modify the automatic update configuration for sensors supporting IPS 7.0(8)E4 to point to the
new directory. Placing the IPS 7.0(8)E4 files in the automatic update directory for those sensors
not supporting IPS 7.0(8)E4 results in those sensors constantly downloading the update and
generating errors during the attempted update.
are supported by IPS 7.0(8)E4 as well as platforms that are not supported by IPS 7.0(8)E4, we
recommend that you create a separate automatic update directory for the IPS 7.0(8)E4 files.
Modify the automatic update configuration for sensors supporting IPS 7.0(8)E4 to point to the
new directory. Placing the IPS 7.0(8)E4 files in the automatic update directory for those sensors
not supporting IPS 7.0(8)E4 results in those sensors constantly downloading the update and
generating errors during the attempted update.
•
Using manual update:
–
If you want to manually update your sensor, copy the IPS 7.0(8)E4 update files to the directory
on the server that your sensor polls for updates.
on the server that your sensor polls for updates.
–
When you upgrade the AIM IPS or NME IPS using manual upgrade, you must disable heartbeat
reset on the router before installing the upgrade. You can reenable heartbeat reset after you
complete the upgrade. If you do not disable heartbeat reset, the upgrade can fail and leave the
AIM IPS or NME IPS in an unknown state, which can require a system reimage to recover.
reset on the router before installing the upgrade. You can reenable heartbeat reset after you
complete the upgrade. If you do not disable heartbeat reset, the upgrade can fail and leave the
AIM IPS or NME IPS in an unknown state, which can require a system reimage to recover.
•
Global correlation health status defaults to red and changes to green after a successful global
correlation update. Successful global correlation updates require a DNS server or an HTTP proxy
server. Because DNS and HTTP proxy server configuration features are beginning with
correlation update. Successful global correlation updates require a DNS server or an HTTP proxy
server. Because DNS and HTTP proxy server configuration features are beginning with