Guest

Cisco Services Modules

Field Notice: FN - 63584 - IPS Sensors: Change in Server IP Address for IPS Signature Updates

Field Notice: FN - 63584 - IPS Sensors: Change in Server IP Address for IPS Signature Updates

November 14, 2012


NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision Date Comment
1.0
14-NOV-2012
Initial Public Release

Products Affected

Products Affected
IPS - 6.2
IPS - 7.0
IPS - 7.1

Problem Description

Customers that subscribe to automatic Intrusion Prevention System (IPS) signature/sensor updates are required to change the Cisco.com server IP address prior to January 25, 2013.

Customers that use Cisco Security Manager (CSM) to provide automatic IPS signature/sensor updates are not affected by the server change since CSM uses the DNS name to resolve the server IP address.

Background

Customers that use IPS depend on continuous signature updates from Cisco for up-to-date protection of their network.

On January 25, 2013, the server IP address that supports the Cisco.com IPS Auto Update feature will be permanently changed from 198.133.219.25 to 72.163.4.161. Both IP addresses currently run in parallel in order to allow customers to migrate during a maintenance window between now and January 25, 2013 . This change affects IPS sensors that run 6.2, 7.0, and 7.1 code versions configured for Cisco.com Auto Update. In order to maintain consistent automatic signature updates, the Auto Update URL should be configured in order to reflect the new IP address.

Problem Symptoms

Customers that do not change the Cisco.com server IP address prior to January 25, 2013 might not receive automatic IPS signature updates and could potentially be vulnerable to security threats.

Workaround/Solution

Use one of these procedures in order to change the server IP address that supports the Cisco.com IPS Auto Update feature from 198.133.219.25 to 72.163.4.161. Both IP addresses currently run in parallel in order to allow customers to migrate during a maintenance window between now and January 25, 2013.

In order to guarantee that you continue to receive automatic IPS signature updates from Cisco for up-to-date network protection, complete one of these procedures by January 25, 2013.

NOTE: Firewall rules might need to be updated in order to allow sensor connectivity to this new IP Address.

Update the Auto Update URL Using the CLI (IPS 7.0(8), IPS 7.1(6) and later)

A sensor that runs IPS 7.0(8) or IPS 7.1(6) might still have the old auto-update IP address if originally configured with IDM/IME in a previous release. Enter this command to verify the current configuration:

sensor#show conf | include cisco-url

If the command output references 198.133.219.25, enter these commands to default the configuration to the updated IP address:

sensor#conf t
sensor(config)#service host
sensor(config-hos)#auto-upgrade
sensor(config-hos-aut)#cisco-server enabled
sensor(config-hos-aut-ena)#default cisco-url
sensor(config-hos-aut-ena)#exit
sensor(config-hos-aut)#exit
sensor(config-hos)#exit
Apply Changes?[yes]:yes

Update the Auto Update URL Using the CLI (all other IPS versions)

NOTE: Do not change the double slash (//) at the end of the IP address shown in this configuration.

sensor#config t
sensor(config)#service host
sensor(config-hos)#auto-upgrade
sensor(config-hos-aut)#cisco-server enabled
sensor(config-hos-aut-ena)#cisco-url https://72.163.4.161//cgi-bin/front.x/ida/locator/locator.pl
sensor(config-hos-aut-ena)#exit
sensor(config-hos-aut)#exit
sensor(config-hos)#exit
Apply Changes?[yes]:yes

Update the Auto Update URL Using IDM/IME

  1. Navigate to Configuration > Sensor Management > Auto/Cisco.com Update.
  2. Click the Cisco.com Server Settings section heading.
  3. Copy and paste this value into the Cisco.com URL field.
  4. https://72.163.4.161//cgi-bin/front.x/ida/locator/locator.pl

    NOTE: Do not change the double slash (//) at the end of the IP address.

  5. Click Apply in order to deploy the configuration to the sensor.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.