Cisco Cisco IPS 4255 Sensor
15
Release Notes for Cisco Intrusion Prevention System 7.0(4)E4
OL-22789-01
Upgrading to Cisco IPS
•
The minimum required version for upgrading to 7.0(4)E4 is 5.1(6)E3 or later.
•
After you upgrade any IPS software on your sensor, you must restart the IDM to see the latest
software features.
software features.
•
For supported sensors, use the IPS-K9-7.0-4.E4.pkg upgrade file. Use the following specific files
for these platforms:
for these platforms:
–
For the AIM IPS, use IPS-AIM-K9-7.0-4.E4.pkg
–
For the NME IPS, use IPS-NME-K9-7.0-4.E4.pkg
•
Using automatic update:
–
If you are using automatic update with a mixture of the AIM IPS, NME IPS, and other IPS
appliances or modules, make sure you put both the 7.0-4.E4 upgrade file
(IPS-K9-7.0-4.E4.pkg), the AIM IPS upgrade file (IPS-AIM-K9-7.0-4.E4.pkg), and the
NME IPS upgrade file (IPS-NME-K9-7.0-4.E4.pkg) on the automatic update server so that the
AIM IPS and the NME IPS can correctly detect which file needs to be automatically
downloaded and installed. If you only put the 7.0(4)E4 upgrade file (IPS-K9-7.0-4.E4.pkg) on
the server, the AIM IPS and the NME IPS will download and try to install the wrong file.
appliances or modules, make sure you put both the 7.0-4.E4 upgrade file
(IPS-K9-7.0-4.E4.pkg), the AIM IPS upgrade file (IPS-AIM-K9-7.0-4.E4.pkg), and the
NME IPS upgrade file (IPS-NME-K9-7.0-4.E4.pkg) on the automatic update server so that the
AIM IPS and the NME IPS can correctly detect which file needs to be automatically
downloaded and installed. If you only put the 7.0(4)E4 upgrade file (IPS-K9-7.0-4.E4.pkg) on
the server, the AIM IPS and the NME IPS will download and try to install the wrong file.
–
When you upgrade the AIM IPS or the NME IPS using automatic update, you must disable
heartbeat reset on the router before placing the upgrade file on your automatic update server.
After the AIM IPS and the NME IPS have been automatically updated, you can reenable
heartbeat reset. If you do not disable heartbeat reset, the update can fail and leave the AIM IPS
and the NME IPS in an unknown state, which can require a system reimage to recover.
heartbeat reset on the router before placing the upgrade file on your automatic update server.
After the AIM IPS and the NME IPS have been automatically updated, you can reenable
heartbeat reset. If you do not disable heartbeat reset, the update can fail and leave the AIM IPS
and the NME IPS in an unknown state, which can require a system reimage to recover.
–
If you are using automatic update from an FTP or SCP server with a mixture of platforms that
are supported by IPS 7.0(4)E4 as well as platforms that are not supported by IPS 7.0(4)E4, we
recommend that you create a separate automatic update directory for the IPS 7.0(4)E4 files.
Modify the automatic update configuration for sensors supporting IPS 7.0(4)E4 to point to the
new directory. Placing the IPS 7.0(4)E4 files in the automatic update directory for those sensors
not supporting IPS 7.0(4)E4 results in those sensors constantly downloading the update and
generating errors during the attempted update.
are supported by IPS 7.0(4)E4 as well as platforms that are not supported by IPS 7.0(4)E4, we
recommend that you create a separate automatic update directory for the IPS 7.0(4)E4 files.
Modify the automatic update configuration for sensors supporting IPS 7.0(4)E4 to point to the
new directory. Placing the IPS 7.0(4)E4 files in the automatic update directory for those sensors
not supporting IPS 7.0(4)E4 results in those sensors constantly downloading the update and
generating errors during the attempted update.
•
Using manual update:
–
If you want to manually update your sensor, copy the IPS 7.0(4)E4 update files to the directory
on the server that your sensor polls for updates.
on the server that your sensor polls for updates.
–
When you upgrade the AIM IPS or the NME IPS using manual upgrade, you must disable
heartbeat reset on the router before installing the upgrade. You can reenable heartbeat reset after
you complete the upgrade. If you do not disable heartbeat reset, the upgrade can fail and leave
the AIM IPS or the NME IPS in an unknown state, which can require a system reimage to
recover.
heartbeat reset on the router before installing the upgrade. You can reenable heartbeat reset after
you complete the upgrade. If you do not disable heartbeat reset, the upgrade can fail and leave
the AIM IPS or the NME IPS in an unknown state, which can require a system reimage to
recover.
•
Global correlation health status defaults to red and changes to green after a successful global
correlation update. Successful global correlation updates require a DNS server or an HTTP proxy
server. Because DNS and HTTP proxy server configuration features are beginning with
IPS 7.0(1)E3, they are unconfigured after an upgrade from 6.x to 7.0(1)E3 or higher. As a result,
global correlation health and overall sensor health status are red until you configure a DNS or HTTP
proxy server on the sensor. If the sensor is deployed in an environment where a DNS or HTTP proxy
server is not available, you can address the red global correlation health and overall sensor health
status by disabling global correlation and configuring sensor health status not to include global
correlation health status.
correlation update. Successful global correlation updates require a DNS server or an HTTP proxy
server. Because DNS and HTTP proxy server configuration features are beginning with
IPS 7.0(1)E3, they are unconfigured after an upgrade from 6.x to 7.0(1)E3 or higher. As a result,
global correlation health and overall sensor health status are red until you configure a DNS or HTTP
proxy server on the sensor. If the sensor is deployed in an environment where a DNS or HTTP proxy
server is not available, you can address the red global correlation health and overall sensor health
status by disabling global correlation and configuring sensor health status not to include global
correlation health status.
•
If you install an update on your sensor and the sensor is unusable after it reboots, you must reimage
your sensor. You can reimage your sensor in the following ways:
your sensor. You can reimage your sensor in the following ways:
–
For all sensors, use the recover command.