Signature File Definition
End of Signature Release Support Milestones and Conditions for Cisco IDS/IPS Signature Updates
a) Signature file updates that are downloadable from Cisco.com
b) Cisco IPS Threat Defense e-mail bulletins notifying customers of the availability of new signature file update packages, threat information, or support
a) At least twelve (12) months of signature release support after first customer ship (FCS) of all minor and major software releases and twelve (12) months of signature release support after the end of sale of a major release.
i. For major-to-major releases (e.g., Version "A".x to Version "B".y, where "A" and "B" are consecutive version numbers): Minimum of eighteen (18) months of signature release support after the end-of-sale announcement of that older software release. This 18-month signature release support window consists of no fewer than six (6) months between the software end-of-sale announce date and the actual software end-of-sale date, and no more than twelve (12) months of signature release support after the software end-of-sale date.
ii. For minor-to-minor releases (e.g., v5.x to v5.y): Twelve (12) months of signature release support after the announcement of the availability of the new minor release (e.g., v5.y). Signature release support for the older minor release (e.g., v5.x) typically aligns with the end-of-sale date of the minor software release.
iii. For service-pack-to-service-pack releases (e.g., v5.1(x) to v5.1(y)): A minimum of twelve (12) months of signature release support, including at least six (6) months after the announcement of the availability of the new service pack, provided no software issues prevent signature updates from being installed and operating correctly.
Operational flow example: IPSv5.1(x) to IPSv5.1(y), where "x" and "y" are service pack (i.e., maintenance release) numbers: Assuming service pack "x: has been available for six (6) months, after the announcement of service pack "y," customers on service pack "x" will have at least six (6) months to migrate to service pack "y." During the six (6)-month window, signature support will be available for both "x" and "y." If service pack "x" had only been available for three (3) months prior to service pack "y" becoming available, customers on service pack "x" would have nine (9) months to migrate to service pack "y."
iv. For engine updates in IPSv6.y(y)-Ex, IPSv7.y(y)-Ex (where the "x" is the engine number): Signature updates will only be released for the most current engine. Previously released signature updates for older engines will be supported for sixty (60) days after the release of a newer engine. New engine updates created after declaring that a release has reached end-of-sale status will not be integrated into the software release that has reached end-of-sale status. Signature release support will only be provided for the existing set of signature engines available for that release, thus affecting the completeness of signature coverage. New engine updates will not be back-ported to older versions.
Operational flow example: When signature updates are released. they will require the sensor to be running a minimum engine number. For example, IPS-sig-S680-req-E4 would require the sensor to be running IPSv7.1(5)-E4 and/or IPSv6.2(4)-E4.
v. Caveats: If a software issue in a major release, minor release, or service pack prevents signature updates from being installed and operating correctly, the customer may remain at the last "good" signature release or install the software release that includes a fix for the issue. Cisco will note this requirement in the release documentation.
b) Signature support for hardware platforms that are past their end-of-sale date may be delivered through subsequent major or minor software releases available for that hardware platform. Customers will be required to upgrade to those new software releases to maintain signature release support.
c) Hardware products announced as reaching end-of-sale status are provided with software support for three (3) years. In the event that a major or minor software release is not supported on the end-of-sale hardware, Cisco will support signature releases for up to three (3) years after the hardware end-of-sale date on the last available software release for that hardware platform.
For More Information