Cisco IPS 4200 Series Sensors

Release Notes for Cisco Intrusion Prevention System 5.1

April 2007

Contents

Supported Platforms

Before Upgrading to Cisco IPS 5.1

Connecting IPS-4240 to a Cisco 7200 Series Router

Upgrading to Cisco IPS 5.1

IPS Software Versioning

After Upgrading to Cisco IPS 5.1

Restrictions and Limitations

IPS Management and Event Viewers

New and Changed Information

Password Recovery

Caveats

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines


Caution The BIOS on Cisco IDS/IPS sensors is specific to Cisco IDS/IPS sensors and must only be upgraded under instructions from Cisco with BIOS files obtained from the Cisco website. Installing a non-Cisco or third-party BIOS on Cisco IDS/IPS sensors voids the warranty. For more information on how to obtain instructions and BIOS files from the Cisco website, see Obtaining Software on Cisco.com.

Supported Platforms

Cisco IPS 5.1 is supported on the following platforms:

IDS-4210 Series Sensor Appliances

IDS-4215 Series Sensor Appliances

IDS-4235 Series Sensor Appliances

IPS-4240 Series Sensor Appliances

IDS-4250 Series Sensor Appliances

IPS-4255 Series Sensor Appliances

IPS-4260 Series Sensor Appliances

WS-SVC-IDSM2 series Intrusion Detection System Module (IDSM-2)

NM-CIDS Intrusion Detection System Network Module

ASA-SSM-AIP-10 series Cisco ASA Advanced Inspection and Prevention Security Service Modules (AIP-SSM)

ASA-SSM-AIP-20 series Cisco ASA Advanced Inspection and Prevention Security Service Modules (AIP-SSM)

Before Upgrading to Cisco IPS 5.1

Before you upgrade your sensors to Cisco IPS 5.1, make sure you have performed the following tasks:

Created a backup copy of your configuration.

For the procedure, see Copying and Restoring the Configuration File Using a Remote Server.

Saved the output of the show version command.

If you need to downgrade a service pack or signature update, you will know what versions you had, and you can then apply the configuration you saved when you backed up your configuration. For the procedure, refer to "Displaying Version Information," in Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1. For the procedure for downgrading your sensor, refer to "Upgrading, Downgrading, and Installing System Images," in Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1.


Note You cannot use the downgrade command to downgrade from 5.1 to 5.0. You can only downgrade from new service packs and signature upgrades to the previous version of service pack or signature upgrade.


Upgraded the IDS-4210 memory to 512 MB.

For the procedure, see Upgrading the IDS-4210 Memory.

Upgraded the IDS-4215 BIOS to the most recent version.

For the procedure, see Upgrading the IDS-4215 BIOS.

This section contains the following topics:

Copying and Restoring the Configuration File Using a Remote Server

Upgrading the IDS-4210 Memory

Upgrading the IDS-4215 BIOS

Copying and Restoring the Configuration File Using a Remote Server

Use the copy [/erase] source_url destination_url keywords command to copy the configuration file to a remote server. You can then restore the current configuration from the remote server. You are prompted to back up the current configuration first.


Note We recommend copying the current configuration file to a remote server before upgrading.


The following options apply:

/erase—Erases the destination file before copying.

This keyword only applies to the current-config; the backup-config is always overwritten. If this keyword is specified for destination current-config, the source configuration is applied to the system default configuration. If it is not specified for the destination current-config, the source configuration is merged with the current-config.

source_url—The location of the source file to be copied. It can be a URL or keyword.

destination_url—The location of the destination file to be copied. It can be a URL or a keyword.

The exact format of the source and destination URLs varies according to the file. Here are the valid types:

ftp:—Source or destination URL for an FTP network server. The syntax for this prefix is:

ftp:[//[username@]location]/relativeDirectory]/filename

ftp:[//[username@]location]//absoluteDirectory]/filename

scp:—Source or destination URL for the SCP network server. The syntax for this prefix is:

scp:[//[username@]location]/relativeDirectory]/filename

scp:[//[username@]location]//absoluteDirectory]/filename


Note If you use FTP or SCP protocol, you are prompted for a password. If you use SCP protocol, you must add the remote host to the SSH known hosts list. For the procedure, refer to "Adding Hosts to the SSH Known Hosts List," in Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1.


http:—Source URL for the web server. The syntax for this prefix is:

http:[[/[username@]location]/directory]/filename

https:—Source URL for the web server. The syntax for this prefix is:

https:[[/[username@]location]/directory]/filename


Note If you use HTTPS, the remote host must be a TLS trusted host. For the procedure, refer to "Adding TLS Trusted Hosts," in Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1.


The following keywords are used to designate the file location on the sensor:

current-config—The current running configuration. The configuration becomes persistent as the commands are entered.

backup-config—The storage location for the configuration backup.


Caution Copying a configuration file from another sensor may result in errors if the sensing interfaces and virtual sensors are not configured the same.

To back up and restore your current configuration, follow these steps:


Step 1 Log in to the CLI using an account with administrator privileges.

Step 2 To back up the current configuration to the remote server:

sensor# copy current-config ftp://qa_user@10.89.146.1//tftpboot/update/qmaster89.cfg
Password: ********

Step 3 To restore the configuration file that you copied to the remote server:

sensor# copy ftp://qa_user@10.89.146.1//tftpboot/update/qmaster89.cfg current-config 
Password: ********
Warning: Copying over the current configuration may leave the box in an unstable state.
Would you like to copy current-config to backup-config before proceeding? [yes]:

Step 4 Press Enter to copy the configuration file or enter no to stop.
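
The URL forms and the /erase rule above can be checked before a copy command is typed on the sensor. The following Python is an added example, not Cisco code; the function names parse_location and plan_copy are hypothetical, and reading the http: and https: forms with the same double slash as ftp: and scp: is an assumption.

```python
import re

KEYWORDS = ("current-config", "backup-config")
# scheme://[username@]location/relativeDirectory/filename, with a second slash
# (//absoluteDirectory) for a path from the server root. Reading the http: and
# https: forms with the same '//' is an assumption of this example.
URL_RE = re.compile(r"(?P<scheme>ftp|scp|https?)://(?:(?P<user>[^@/]+)@)?"
                    r"(?P<host>[^@/]+)(?P<path>/.+)")
PREREQS = {
    "ftp": "FTP: the sensor prompts for a password",
    "scp": "SCP: password prompt, and the host must be in the SSH known hosts list",
    "http": "HTTP: no prerequisite listed",
    "https": "HTTPS: the host must be a TLS trusted host",
}


def parse_location(loc: str) -> dict:
    """Parse one operand of the copy command: a keyword or a remote URL."""
    if loc in KEYWORDS:
        return {"kind": "keyword", "name": loc}
    m = URL_RE.fullmatch(loc)
    if not m:
        raise ValueError("not a keyword or a supported URL")
    if m["user"] and ":" in m["user"]:
        # The syntax carries a username only; the sensor prompts for the password.
        raise ValueError("URL must not embed a password")
    absolute = m["path"].startswith("//")
    path = ("/" if absolute else "") + m["path"].lstrip("/")
    if path.endswith("/"):
        raise ValueError("URL must end in a filename")
    return {"kind": "url", "scheme": m["scheme"], "user": m["user"],
            "host": m["host"], "absolute": absolute, "path": path}


def plan_copy(source: str, destination: str, erase: bool = False) -> list:
    """Return notes on what 'copy [/erase] source destination' needs and does."""
    src, dst = parse_location(source), parse_location(destination)
    if dst["kind"] == "url" and dst["scheme"] in ("http", "https"):
        raise ValueError("http: and https: are valid as a source only")
    notes = []
    for end in (src, dst):
        if end["kind"] == "url":
            notes.append(PREREQS[end["scheme"]])
            kind = "absolute" if end["absolute"] else "relative"
            notes.append(f"{end['host']}: {kind} path {end['path']}")
    target = dst.get("name")
    if target == "current-config":
        if erase:
            notes.append("source is applied to the system default configuration")
        else:
            notes.append("source is merged with current-config "
                         "(use /erase to start from system defaults)")
    elif erase:
        notes.append("/erase has no effect: it applies only to current-config")
    if target == "backup-config":
        notes.append("backup-config is always overwritten")
    return notes


if __name__ == "__main__":
    # The backup and restore commands from Steps 2 and 3.
    remote = "ftp://qa_user@10.89.146.1//tftpboot/update/qmaster89.cfg"
    for args in (("current-config", remote), (remote, "current-config")):
        print(args, plan_copy(*args), sep="\n  ")
```

Run against the restore command in Step 3, the notes show that without /erase the remote file is merged with the running configuration rather than replacing it.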


Upgrading the IDS-4210 Memory

IDS-4210, IDS-4210-K9, and IDS-4210-NFR must have 512 MB of RAM to support Cisco IPS 5.x. If you are upgrading an existing IDS-4210, IDS-4210-K9, or IDS-4210-NFR to 5.x, you must insert one additional 256-MB DIMM (part number IDS-4210-MEM-U) to upgrade the memory to the required 512 MB minimum.


Note Do not install an unsupported DIMM. Doing so nullifies the warranty.



Caution Follow proper safety procedures when performing these steps by reading the safety warnings in Regulatory Compliance and Safety Information for the Cisco Intrusion Detection and Prevention System 4200 Series Appliance Sensor.

To upgrade the memory, follow these steps:


Step 1 Log in to the CLI.

Step 2 Prepare the appliance to be powered off:

sensor# reset powerdown

Wait for the power down message before continuing with Step 3.


Note You can also power down the sensor from IDM or ASDM.


Step 3 Power off the appliance.

Step 4 Remove the power cord and other cables from the appliance.

Step 5 Place the appliance in an ESD-controlled environment.

For more information, see "Working in an ESD Environment," in Installing Cisco Intrusion Prevention System Appliances and Modules 5.1.

Step 6 Remove the chassis cover by unscrewing the screw on the front of the cover and sliding the cover straight back.

Step 7 Locate the DIMM sockets and select an empty DIMM socket next to the existing DIMM.


Note The existing DIMM is installed in socket 0. The angled position of the DIMM sockets makes installing an additional DIMM in socket 1 difficult if a DIMM occupies socket 0. Therefore, you should first remove the existing DIMM from socket 0, place the new DIMM in socket 1, and then replace the existing DIMM in socket 0.


Step 8 Locate the ejector tabs on either side of the DIMM socket. Press down and out on the tabs to open the slot in the socket.

Step 9 Install the new DIMM by positioning the DIMM into the socket and pressing it into place.


Note Do not force the DIMM into the socket. Alignment keys on the DIMM ensure that it only fits in the socket one way. If you need additional leverage, you can gently press down on the DIMM with your thumbs while pulling up on the ejector tabs.


Step 10 Replace the chassis cover and reconnect the power.

Step 11 Power on the sensor and make sure the new memory total is correct.


Note If the memory total does not reflect the added DIMMs, repeat Steps 1 through 4 to ensure the DIMMs are seated correctly in the socket.



Upgrading the IDS-4215 BIOS

The BIOS/ROMMON upgrade utility (IDS-4215-bios-5.1.7-rom-1.4.bin) upgrades the BIOS of IDS-4215 to version 5.1.7 and the ROMMON to version 1.4.

To upgrade the BIOS and ROMMON on IDS-4215, follow these steps:


Step 1 Download the BIOS ROMMON upgrade utility (IDS-4215-bios-5.1.7-rom-1.4.bin) to the TFTP root directory of a TFTP server that is accessible from IDS-4215.

For the procedure for locating software on Cisco.com, see Obtaining Software on Cisco.com.


Note Make sure you can access the TFTP server location from the network connected to the Ethernet port of IDS-4215.


Step 2 Boot IDS-4215.

While rebooting, IDS-4215 runs the BIOS POST. After the completion of POST, the console displays the message Evaluating Run Options ... for about 5 seconds.

Step 3 Press Ctrl-R while this message is displayed to display the ROMMON menu.

The console display resembles the following:

CISCO SYSTEMS IDS-4215
Embedded BIOS Version 5.1.3 05/12/03 10:18:14.84
Compiled by ciscouser
Evaluating Run Options ...
Cisco ROMMON (1.2) #0: Mon May 12 10:21:46 MDT 2003
Platform IDS-4215
0: i8255X @ PCI(bus:0 dev:13 irq:11)
1: i8255X @ PCI(bus:0 dev:14 irq:11)
Using 1: i82557 @ PCI(bus:0 dev:14 irq:11), MAC: 0000.c0ff.ee01
Use ? for help.
rommon>

Step 4 If necessary, change the port number used for the TFTP download:

rommon> interface port_number 

The port in use is listed just before the rommon prompt. Port 1 (default port) is being used as indicated by the text, Using 1: i82557 @ PCI(bus:0 dev:14 irq:11), MAC: 0000.c0ff.ee01.


Note Ports 0 (monitoring port) and 1 (command and control port) are labeled on the back of the chassis.


Step 5 Specify an IP address for the local port on IDS-4215:

rommon> address ip_address


Note Use the same IP address that is assigned to IDS-4215.


Step 6 Specify the TFTP server IP address:

rommon> server ip_address

Step 7 Specify the gateway IP address:

rommon> gateway ip_address

Step 8 Verify that you have access to the TFTP server by pinging it from the local Ethernet port:

rommon> ping server_ip_address
rommon> ping server

Step 9 Specify the filename on the TFTP file server from which you are downloading the image:

rommon> file filename

Example:

rommon> file IDS-4215-bios-5.1.7-rom-1.4.bin


Note The syntax of the file location depends on the type of TFTP server used. Contact your system or network administrator for the appropriate syntax if the above format does not work.


Step 10 Download and run the update utility:

rommon> tftp

Step 11 Type y at the upgrade prompt and the update is executed.

IDS-4215 reboots when the update is complete.


Caution Do not remove power from IDS-4215 during the update process; otherwise, the upgrade can become corrupted. If this occurs, IDS-4215 will be unusable and require an RMA.

Connecting IPS-4240 to a Cisco 7200 Series Router

When an IPS-4240 is connected directly to a 7200 series router and both the IPS-4240 and the router interfaces are hard-coded to speed 100 with duplex Full, the connection does not work. If you set IPS-4240 to speed Auto and duplex Auto, it connects to the router but only at speed 100 and duplex Half.

To connect correctly at speed 100 and duplex Full, set the interfaces of both IPS-4240 and the router to speed Auto and duplex Auto. Also, if either interface is hard-coded, you must make the connection using a crossover cable.

Upgrading to Cisco IPS 5.1

This section provides information on upgrading to IPS 5.1. It contains the following topics:

Upgrading from 4.x to 5.1

Obtaining Software on Cisco.com

Applying for a Cisco.com Account with Cryptographic Access

IPS Software Versioning

Upgrading to 5.1

Upgrading from 4.x to 5.1

The following caveats apply to upgrading from 4.x to 5.1:

If you have 4.0 installed on your sensor, you must upgrade to 4.1, then upgrade to 5.0, then upgrade to 5.1.

If you try to upgrade a 4.0 sensor to 5.0, you receive an error that Analysis Engine is not running rather than an error that the sensor cannot be upgraded from 4.0 to 5.0:

sensor# upgrade scp://user@10.1.1.1/upgrades/IPS-K9-maj-5.0-1-S148.rpm.pkg
Password: ********
Warning: Executing this command will apply a major version upgrade to the application 
partition. The system may be rebooted to complete the upgrade.
Continue with upgrade? : yes
Error: AnalysisEngine is not running. Please reset box and attempt upgrade again.

If you receive this error, you must upgrade from 4.0 to 4.1 and then to 5.0. Or you can use the recovery CD (if your sensor has a CD-ROM) or the system image file to reimage directly to version 5.1. You can reimage a 4.0 sensor to 5.0 because the reimage process does not check to see what version was previously installed.

In 4.x, custom signature IDs start at 20000. Any custom signatures that you have created in 4.x are converted to the 5.x custom signature range, which begins at 60000.

In 4.x, there is a parameter that lets you enable and disable signatures. In 5.x, there is a similar parameter, but there is also a parameter that lets you retire and unretire signatures. When you upgrade to 5.x, some signatures will be marked as enabled; however, they may also have been retired in 5.x and therefore the enabled setting is ignored. You must manually unretire the signature to ensure that it is enabled. Refer to "Enabling and Retiring Signatures," in Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1 or Installing and Using Cisco Intrusion Prevention System Device Manager 5.1.

In 5.1, you will receive messages indicating that you need to install a license. The sensor functions properly without a license, but you will need a license to install signature updates. For the procedure, see Licensing the Sensor.

Upgrading from 4.1 to 5.x preserves the configuration of the sensor. The upgrade may stop if it comes across a value that it cannot translate. If this occurs, the resulting error message provides enough information to adjust the parameter to an acceptable value. After editing the configuration, try the upgrade again.

After you upgrade from 4.x to 5.0, you cannot downgrade. If you want to return to the previous version, you must reimage (refer to "Upgrading, Downgrading, and Installing System Images," in Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1) and then copy the backup configuration to the reimaged sensor. For the procedure, see Copying and Restoring the Configuration File Using a Remote Server. You cannot downgrade from 5.1 to 5.0.

IDS MC cannot manage sensors that have been upgraded to 5.x until the IDS MC 2.1 release.

Obtaining Software on Cisco.com

You can find major and minor updates, service packs, signature and signature engine updates, system and recovery files, firmware upgrades, and readmes at Software Downloads on Cisco.com.


Note You must be logged in to Cisco.com to access Software Downloads.


Signature updates are posted to Cisco.com approximately every week, more often if needed. Service packs are posted to Cisco.com as needed. Major and minor updates are also posted periodically.

You must have an active IPS maintenance contract and a Cisco.com password to download software. For information on obtaining a Cisco.com account with cryptographic access, see Applying for a Cisco.com Account with Cryptographic Access.

Check Cisco.com regularly for the latest IPS software.


Note Beginning with 5.x, you must have a license to apply signature updates. For more information, see Licensing the Sensor.


To access Software Downloads on Cisco.com, follow these steps:


Step 1 Go to Cisco.com.

Step 2 Log in to Cisco.com.

Step 3 Choose Support > Software Downloads.

Step 4 Under Select a Software Product Category, choose Cisco Secure Software.

Step 5 Under Cisco Secure Software, choose Cisco Intrusion Detection System (IDS).

Step 6 On the Software Center (Downloads) page, under Network IPS/IDS Sensors - All Supported Platforms (Except IOS IPS), locate your version and choose the applicable software link:

Latest Signature Update—Lets you download the most recent signature updates.

Latest Upgrades (Major, Minor, Service Pack, Engine)—Lets you download the most recent major and minor updates, service packs and engine updates.

System and Recovery Images—Lets you download the images you need to reimage your sensor.


Note You must have an IPS subscription service license to download software. For more information, see Licensing the Sensor.


Step 7 On the Software Download page, choose the file you need.

To sort by Filename, Release, Date, or Size, choose the option from the drop-down menu and click Go.


Note For an explanation of the IPS file versioning scheme, see IPS Software Image Naming Conventions.


Step 8 Verify that this is the software you want and click Next.

Step 9 Click Agree to accept the software download rules.

Step 10 Enter your Cisco.com username and password.


Note The first time you download a file from Cisco.com, you must fill in the Encryption Software Export Distribution Authorization form before you can download the software. For more information, see Applying for a Cisco.com Account with Cryptographic Access.


The Download File dialog box appears.

Step 11 Open the file or save it to your computer.

Step 12 Follow the instructions in the Readme to install the update.


Note Major and minor updates, service packs, recovery files, signature and signature engine updates are the same for all sensors. System image files are unique per platform.



Applying for a Cisco.com Account with Cryptographic Access

To download software updates, you must have a Cisco.com account with cryptographic access.

To apply for cryptographic access, follow these steps:


Step 1 If you have a Cisco.com account, skip to Step 2. If you do not have a Cisco.com account, register for one at this URL: http://tools.cisco.com/RPF/register/register.do.

Step 2 Go to this URL: http://www.cisco.com/pcgi-bin/Software/Crypto/crypto_main.pl.

The Enter Network Password dialog box appears.

Step 3 Log in with your Cisco.com account.

The Encryption Software Export Distribution Authorization page appears.

Step 4 Enter your first name in the First Name field.

Step 5 Enter your last name in the Last Name field.

Step 6 Enter your company name in the Company field.

Step 7 Enter your address in the Address 1 field.

Step 8 Choose your country from the drop-down list.

Step 9 Enter your city in the City field.

Step 10 Choose your state from the drop-down list.

Step 11 If you are not from the US, enter your province in the Province/State field.

Step 12 (Optional) Enter your postal code in the Postal Code field.

Step 13 Enter your e-mail address in the E-Mail Address field.

Step 14 (Optional) Enter your work phone number in the Desk Phone field.

Step 15 (Optional) Enter your cell phone number in the Cellular Phone field.

Step 16 (Optional) Enter your fax number in the Fax field.

Step 17 Respond to the nine conditions by checking the check box next to each condition.

Step 18 Enter your first and last name as they appear in your Cisco profile in the Final Signature field.

Step 19 Review and complete the Encryption Software Export Distribution Authorization form and click Submit.


IPS Software Versioning

This section describes how to interpret IPS software versioning.


Note There is a new file format for 5.1(5)E1 and later.


This section contains the following topics:

IPS Software Image Naming Conventions

5.1 Software Release Examples

IPS Software Image Naming Conventions

This section describes the various IPS software files, and contains the following sections:

Major and Minor Updates, Service Packs, and Patch Releases

Signature/Virus Updates and Signature Engine Updates

Recovery, Manufacturing, and System Images

Major and Minor Updates, Service Packs, and Patch Releases

Figure 1 illustrates what each part of the IPS software file represents for major and minor updates, service packs, and patch releases.

Figure 1 IPS Software File Name for Major and Minor Updates, Service Packs, and Patch Releases

Major update

Contains new functionality or an architectural change in the product. For example, the IPS 5.0 base version includes everything (except deprecated features) since the previous major release (the minor update features, service pack fixes, and signature updates) plus any new changes. Major update 5.0(1) requires 4.x. With each major update there are corresponding system and recovery packages.


Note The 5.0(1) major update is only used to upgrade 4.x sensors to 5.0(1). If you are reinstalling 5.0(1) on a sensor that already has 5.0(1) installed, use the system image or recovery procedures rather than the major update.


Minor update

Incremental to the major version. Minor updates are also base versions for service packs. The first minor update for 5.0 is 5.1(1). Minor updates are released for minor enhancements to the product. Minor updates contain all previous minor features (except deprecated features), service pack fixes, signature updates since the last major version, and the new minor features being released. You can install the minor updates on the previous major or minor version (and often even on earlier versions). The minimum supported version needed to upgrade to the newest minor version is listed in the Readme that accompanies the minor update. With each minor update there are corresponding system and recovery packages.

Service packs

Cumulative following a base version release (minor or major). Service packs are used for the release of defect fixes with no new enhancements. Service packs contain all service pack fixes since the last base version (minor or major) and the new defect fixes being released. Service packs require the minor version. The minimum supported version needed to upgrade to the newest service pack is listed in the Readme that accompanies the service pack. Service packs also include the latest engine update. For example, if service pack 6.0(3) is released, and E3 is the latest engine level, the service pack is released as 6.0(3)E3.

Patch release

Used to address defects that are identified in the upgrade binaries after a software release. Rather than waiting until the next major or minor update, or service pack to address these defects, a patch can be posted. Patches include all prior patch releases within the associated service pack level. The patches roll into the next official major or minor update, or service pack.

Before you can install a patch release, the most recent major or minor update, or service pack must be installed. For example, patch release 5.0(1p1) requires 5.0(1).


Note Upgrading to a newer patch does not require you to uninstall the old patch. For example, you can upgrade from patch 5.0(1p1) to 5.0(1p2) without first uninstalling 5.0(1p1).



Note For a table listing the types of files with examples of filenames and corresponding software releases, see 5.1 Software Release Examples.


Signature/Virus Updates and Signature Engine Updates

Figure 2 illustrates what each part of the IPS software file represents for signature/virus updates.

Figure 2 IPS Software File Name for Signature/Virus Updates

Signature/virus updates

Executable file containing a set of rules designed to recognize malicious network activities. Signature updates are released independently from other software updates. Each time a major or minor update is released, you can install signature updates on the new version and the next oldest version for a period of at least six months. Signature updates are dependent on a required signature engine version. Because of this, a req designator lists the signature engine required to support a particular signature update.

A virus component for the signature updates is packaged with the signature update. Virus updates are generated by Trend Microsystems for use by the Cisco Intrusion Containment System (Cisco ICS). Once created for use by Cisco ICS, they are later incorporated into standard Cisco signature updates.

Figure 3 illustrates what each part of the IPS software file represents for signature engine updates.

Figure 3 IPS Software File Name for Signature Engine Updates

Signature engine updates

Executable files containing binary code to support new signature updates. Signature engine files require a specific service pack, which is also identified by the req designator.

Recovery, Manufacturing, and System Images

Figure 4 illustrates what each part of the IPS software file represents for recovery and system image filenames.

Figure 4 IPS Software File Name for Recovery and System Image Filenames

Recovery and system images contain separate versions for the installer and the underlying application. The installer version contains a major and minor version field.

Installer major version

The major version is incremented by one for any major change to the image installer, for example, switching from .tar to rpm or changing kernels.

Installer minor version

The minor version can be incremented by any one of the following:

Minor change to the installer, for example, a user prompt added.

Repackages require the installer minor version to be incremented by one if the image file must be repackaged to address a defect or problem with the installer.

5.1 Software Release Examples

Table 1 lists platform-independent IDS 5.1(5)E1 software release examples. Refer to the Readmes that accompany the software files for detailed instructions on how to install the files. For instructions on how to access these files on Cisco.com, see Obtaining Software on Cisco.com.

Table 1 Platform-Independent Release Examples

Release                      Target Frequency            Identifier  Example Version  Example Filename
Signature update [1]         Weekly                      sig         S700             IPS-sig-S700-req-E1.pkg
Signature engine update [2]  As needed                   engine      E1               IPS-engine-E1-req-5.1-3.pkg
Service packs [3]            Semi-annually or as needed              5.1(3)           IPS-K9-5.1-3-E1.pkg
Minor update [4]             Annually                                5.1(1)           IPS-K9-5.1-1-E1.pkg
Major update [5]             Annually                                5.0(1)           IPS-K9-6.0-1-E1.pkg
Patch release [6]            As needed                   patch       5.0(1p1)         IPS-K9-patch-5.1-1pl-E1.pkg
Recovery package [7]         Annually or as needed       r           1.1-5.0(1)       IPS-K9-r-1.1-a-5.1-1-E1.pkg

[1] Signature updates include the latest cumulative IPS signatures.

[2] Signature engine updates add new engines or engine parameters that are used by new signatures in later signature updates.

[3] Service packs include defect fixes.

[4] Minor versions include new minor version features and/or minor version functionality.

[5] Major versions include new major version functionality or new architecture.

[6] Patch releases are for interim fixes.

[7] The r 1.1 can be revised to r 1.2 if it is necessary to release a new recovery package that contains the same underlying application image. If there are defect fixes for the installer, for example, the underlying application version may still be 5.0(1), but the recovery partition image will be r 1.2.


Table 2 describes platform-dependent software release examples.

Table 2 Platform-Dependent Release Examples

Release                          Target Frequency  Identifier  Supported Platform                      Example Filename
System image [1]                 Annually          sys         Separate file for each sensor platform  IPS-4240-K9-sys-1.1-a-5.1-1-E1.img
Maintenance partition image [2]  Annually          mp          IDSM-2                                  c5svc-mp.2-1-2.bin.gz
Bootloader                       As needed         bl          NM-CIDS, AIM-IPS, NME-IPS               servicesengine-boot-1.0-4.bin

[1] The system image includes the combined recovery and application image used to reimage an entire sensor.

[2] The maintenance partition image includes the full image for the IDSM-2 maintenance partition. The file is installed from but does not affect the IDSM-2 application partition.


Table 3 describes the platform identifiers used in platform-specific names.


Note IDS-4235 and IDS-4250 do not use platform-specific image files.


Table 3 Platform Identifiers

Sensor                      Identifier
IDS-4215                    IDS-4215-
IPS-4240                    IPS-4240-
IPS-4255                    IPS-4255-
IPS-4260                    IPS-4260-
IDS module for Catalyst 6K  WS-SVC-IDSM2-
IDS network module          IPS-NM-CIDS-
AIP-SSM                     IPS-SSM-
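
The naming conventions in this section can be used to screen a file before it is offered to the sensor: the req designator, the patch base version, and the platform identifier each state a precondition. The following Python is an added example, not Cisco code; its patterns are inferred from the example filenames in Tables 1 through 3, the exact-match reading of the req designator and the pN patch suffix are assumptions, and the names parse_filename and check_package are hypothetical. Files that fit none of the patterns, such as the maintenance partition and bootloader images, are reported as unrecognised.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Name patterns inferred from the example filenames in Tables 1-3
# (5.1(5)E1-and-later format): an assumption of this example, not a Cisco spec.
VER = r"(?P<maj>\d+)\.(?P<min>\d+)-(?P<sp>\d+)"
ENG = r"E(?P<eng>\d+)"
INST = r"(?P<inst>\d+\.\d+)-a-"          # installer version, then application
PLATFORMS = ("IDS-4215", "IPS-4240", "IPS-4255", "IPS-4260",
             "WS-SVC-IDSM2", "IPS-NM-CIDS", "IPS-SSM")   # Table 3 identifiers
PATTERNS = [
    ("signature", r"IPS-sig-S(?P<sig>\d+)-req-E(?P<req_eng>\d+)\.pkg"),
    ("engine", rf"IPS-engine-{ENG}-req-(?P<req_ver>\d+\.\d+-\d+)\.pkg"),
    # Patch level assumed to be written pN, as in the version notation 5.0(1p1).
    ("patch", rf"IPS-K9-patch-{VER}p(?P<patch>\d+)-{ENG}\.pkg"),
    ("recovery", rf"IPS-K9-r-{INST}{VER}-{ENG}\.pkg"),
    ("system", rf"(?P<platform>{'|'.join(PLATFORMS)})-K9-sys-{INST}{VER}-{ENG}\.img"),
    ("update", rf"IPS-K9-{VER}-{ENG}\.pkg"),   # major, minor or service pack
]


class Package(NamedTuple):
    kind: str
    fields: dict


def parse_filename(name: str) -> Optional[Package]:
    """Classify an IPS file name; None if it fits none of the known patterns."""
    for kind, pattern in PATTERNS:
        m = re.fullmatch(pattern, name)
        if m:
            return Package(kind, m.groupdict())
    return None


def parse_installed(version: str) -> dict:
    """Split a 'show version' string such as 5.1(5)E1 into its parts."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)\)E(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    maj, minor, sp, eng = map(int, m.groups())
    return {"maj": maj, "min": minor, "sp": sp, "eng": eng}


def check_package(name: str, installed: str, platform: str) -> Tuple[bool, str]:
    """Decide whether a file is worth offering to the sensor's upgrade command.

    The req designator and patch base are compared for an exact match,
    which is this example's strict reading of the release notes.
    """
    pkg = parse_filename(name)
    if pkg is None:
        return False, "name does not follow a known IPS naming pattern"
    cur, f = parse_installed(installed), pkg.fields
    base = f"{cur['maj']}.{cur['min']}-{cur['sp']}"
    if pkg.kind == "signature":
        ok = int(f["req_eng"]) == cur["eng"]
        return ok, f"signature S{f['sig']} requires engine E{f['req_eng']}"
    if pkg.kind == "engine":
        ok = f["req_ver"] == base
        return ok, f"engine E{f['eng']} requires service pack level {f['req_ver']}"
    if pkg.kind == "patch":
        ok = f"{f['maj']}.{f['min']}-{f['sp']}" == base
        return ok, f"patch p{f['patch']} requires base {f['maj']}.{f['min']}({f['sp']})"
    if pkg.kind == "system":
        ok = f["platform"] == platform
        return ok, f"system image built for {f['platform']}"
    if pkg.kind == "update":
        # Accept only a version newer than the one already installed.
        target = (int(f["maj"]), int(f["min"]), int(f["sp"]))
        ok = target > (cur["maj"], cur["min"], cur["sp"])
        return ok, "update to %d.%d(%d)" % target
    return True, "recovery package (platform independent)"


if __name__ == "__main__":
    # File names from Tables 1 and 2, plus one constructed mismatch (req-E2).
    for fname in ("IPS-sig-S700-req-E1.pkg", "IPS-sig-S700-req-E2.pkg",
                  "IPS-engine-E1-req-5.1-3.pkg", "IPS-K9-5.1-3-E1.pkg",
                  "IPS-4240-K9-sys-1.1-a-5.1-1-E1.img"):
        print(fname, check_package(fname, "5.1(5)E1", "IPS-4240"))
```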


Upgrading to 5.1

To upgrade the sensor, follow these steps:


Step 1 Download the latest 5.1(x) file (for example, IPS-K9-5.1-1-E1.pkg) to an FTP, SCP, HTTP, or HTTPS server that is accessible from your sensor.


Note If you use FTP or SCP protocol, you are prompted for a password. If you use SCP protocol, you must add the remote host to the SSH known hosts list. For the procedure, refer to "Adding Hosts to the SSH Known Hosts List," in Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1.



Note If you use HTTPS, the remote host must be a TLS trusted host. For the procedure, refer to "Adding TLS Trusted Hosts," in Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1.


For the procedure for locating software on Cisco.com, see Obtaining Software on Cisco.com.

Step 2 Log in to the CLI using an account with administrator privileges.

Step 3 Upgrade the sensor:

sensor# configure terminal
sensor(config)# upgrade scp://tester@10.1.1.1//upgrade/IPS-K9-5.1-1-E1.pkg

Enter password: ********
Re-enter password: ********

Step 4 Type yes to complete the upgrade.


Note Major updates, minor updates, and service packs may force a restart of the IPS processes or even force a reboot of the sensor to complete installation.


Step 5 Verify your new sensor version:

sensor# show version
Application Partition:

Cisco Intrusion Prevention System, Version 5.1(5)E1

Host:
    Realm Keys          key1.0
Signature Definition:
    Signature Update    S278.0                   2007-03-28
    Virus Update        V1.2                     2005-11-24
OS Version:             2.4.26-IDS-smp-bigphys
Platform:               IDS-4210
Serial Number:          8R2D501
No license present
Sensor up-time is 12 days.
Using 500482048 out of 510238720 bytes of available memory (98% usage)
system is using 17.4M out of 29.0M bytes of available disk space (60% usage)
application-data is using 36.8M out of 174.7M bytes of available disk space (22%
 usage)
boot is using 35.3M out of 75.9M bytes of available disk space (49% usage)
application-log is using 532.6M out of 2.8G bytes of available disk space (20% u
sage)


MainApp          2007_FEB_02_15_58   (Release)   2007-02-02T16:04:00-0600   Running
AnalysisEngine   2007_FEB_02_15_58   (Release)   2007-02-02T16:04:00-0600   Running
CLI              2007_FEB_02_15_58   (Release)   2007-02-02T16:04:00-0600


Upgrade History:

  IPS-K9-sp-5.1-5-E1   15:58:00 UTC Fri Feb 02 2007

Recovery Partition Version 1.1 - 5.1(5)E1

sensor#
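
The Step 5 check can be scripted against saved show version output. The following Python is an added example, not part of the Cisco release notes; package_to_version and check_upgrade are hypothetical names, and the package-to-version mapping is inferred from the pairing of IPS-K9-sp-5.1-5-E1 and 5.1(5)E1 in the output above.

```python
import re

# Constructed sample: an abridged copy of the `show version` output above.
SAMPLE = """\
Cisco Intrusion Prevention System, Version 5.1(5)E1
Platform:               IDS-4210
No license present
MainApp          2007_FEB_02_15_58   (Release)   2007-02-02T16:04:00-0600   Running
AnalysisEngine   2007_FEB_02_15_58   (Release)   2007-02-02T16:04:00-0600   Running
CLI              2007_FEB_02_15_58   (Release)   2007-02-02T16:04:00-0600
Upgrade History:
  IPS-K9-sp-5.1-5-E1   15:58:00 UTC Fri Feb 02 2007
Recovery Partition Version 1.1 - 5.1(5)E1
"""

def package_to_version(package):
    """Map a package name such as IPS-K9-sp-5.1-5-E1 to the form 5.1(5)E1."""
    m = re.search(r"(\d+\.\d+)-(\d+)-(E\d+)", package)
    if not m:
        raise ValueError("unrecognised package name: " + package)
    return "{}({}){}".format(*m.groups())

def check_upgrade(show_version, expected_package):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    expected = package_to_version(expected_package)
    m = re.search(r"Intrusion Prevention System, Version (\S+)", show_version)
    running = m.group(1) if m else None
    if running != expected:
        findings.append("version is {}, expected {}".format(running, expected))
    history = re.findall(r"^[ \t]+(IPS-\S*?\d+\.\d+-\d+-E\d+)\s", show_version, re.M)
    if not history or package_to_version(history[-1]) != expected:
        findings.append("last Upgrade History entry does not match " + expected)
    if "No license present" in show_version:
        findings.append("no license installed: a license is required to obtain signature updates")
    for app in ("MainApp", "AnalysisEngine"):
        m = re.search(r"^" + app + r"\s+\S+\s+\(\S+\)\s+\S+[ \t]*(.*)$", show_version, re.M)
        if not m or m.group(1).strip() != "Running":
            findings.append(app + " is not Running")
    return findings
```

Run against the sample, the only finding is the missing license, which matters because an unlicensed sensor stops receiving signature updates.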


After Upgrading to Cisco IPS 5.1

This section provides information about what to do after you install IPS 5.1. It contains the following topics:

Comparing Configurations

SSL Certificate

Increasing the Memory Size of the Java Plug-In

Licensing the Sensor

Comparing Configurations

Compare your backed up and saved 5.0 configuration with the output of the show configuration command after upgrading to 5.1 to verify that all the configuration has been properly converted.


Note If you are converting from IPS 4.x, the 4.x configuration has to be converted to the 5.1 commands, because IPS 5.1 has some new configuration parameters.



Caution If the configuration is not properly converted, see Caveats, or check Cisco.com for any upgrade issues that have been found. Contact the TAC if no DDTS refers to your situation.
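
One way to run this comparison on two saved configuration files, as an added Python example that is not part of the Cisco release notes: it separates settings missing after the upgrade from lines that appear only in 5.1, which are expected because 5.1 adds parameters. The sample configurations are constructed, by_service and compare are hypothetical names, and treating ! lines as comments and exit as a mode terminator is an assumption about the output format.

```python
# Constructed samples in the style of `show configuration` output; the
# addresses are illustrative and the marked line is a placeholder.
BACKUP_5_0 = """\
! Version 5.0(1)
service host
network-settings
host-ip 10.1.1.2/24,10.1.1.1
host-name sensor
access-list 10.0.0.0/8
exit
exit
service web-server
port 443
exit
"""
UPGRADED_5_1 = """\
! Version 5.1(5)
service host
network-settings
host-ip 10.1.1.2/24,10.1.1.1
host-name sensor
exit
exit
service web-server
port 443
! placeholder standing in for a parameter introduced in 5.1
placeholder-new-setting enabled
exit
"""

def by_service(config):
    """Group lines by 'service <name>' block, skipping '!' comments and 'exit'."""
    blocks, current = {}, "(global)"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or line == "exit":
            continue
        if line.startswith("service "):
            current = line
        blocks.setdefault(current, []).append(line)
    return blocks

def compare(backup, upgraded):
    """Return (lost, added) as lists of (service block, line) pairs."""
    old, new = by_service(backup), by_service(upgraded)
    lost = [(s, l) for s in old for l in old[s] if l not in new.get(s, [])]
    added = [(s, l) for s in new for l in new[s] if l not in old.get(s, [])]
    return lost, added
```

Entries in lost are the ones to investigate first; here the access-list line under service host did not survive the conversion.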

SSL Certificate

If necessary, import the new SSL certificate for the upgraded sensor into each tool being used to monitor the sensor.

For the procedure, refer to "Configuring TLS," in Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface 5.1, or "Configuring Certificates," in Installing and Using Cisco Intrusion Prevention System Device Manager 5.1.

Increasing the Memory Size of the Java Plug-In

To correctly run IDM, your browser must have Java Plug-in 1.4.2 or 1.5 installed. By default the Java Plug-in allocates 64 MB of memory to IDM. IDM can run out of memory while in use, which can cause IDM to freeze or display blank screens. Running out of memory can also occur when you click Refresh. An OutOfMemoryError message appears in the Java console whenever this occurs.


Note We recommend that you use Sun Microsystems Java. Using any other version of Java could cause problems with IDM.


You must change the memory settings of Java Plug-in before using IDM. The mandatory minimum memory size is 256 MB.

This section contains the following topics:

Java Plug-In on Windows

Java Plug-In on Linux and Solaris

Java Plug-In on Windows

To change the settings of Java Plug-in on Windows for Java Plug-in 1.4.2 and 1.5, follow these steps:


Step 1 Close all instances of Internet Explorer or Netscape.

Step 2 Choose Start > Settings > Control Panel.

Step 3 If you have Java Plug-in 1.4.2 installed:

a. Choose Java Plug-in.

The Java Plug-in Control Panel appears.

b. Click the Advanced tab.

c. In the Java RunTime Parameters field, enter -Xmx256m.

d. Click Apply and exit the Java Control Panel.

Step 4 If you have Java Plug-in 1.5 installed:

a. Choose Java.

The Java Control Panel appears.

b. Click the Java tab.

c. Click View under Java Applet Runtime Settings.

The Java Runtime Settings window appears.

d. In the Java Runtime Parameters field, enter -Xmx256m, and then click OK.

e. Click OK and exit the Java Control Panel.


Java Plug-In on Linux and Solaris

To change the settings of Java Plug-in 1.4.2 or 1.5 on Linux and Solaris, follow these steps:


Step 1 Close all instances of Netscape or Mozilla.

Step 2 Bring up Java Plug-in Control Panel by launching the ControlPanel executable file.


Note In the Java 2 SDK, this file is located at <SDK installation directory>/jre/bin/ControlPanel. For example, if your Java 2 SDK is installed at /usr/j2se, the full path is /usr/j2se/jre/bin/ControlPanel.



Note In a Java 2 Runtime Environment installation, the file is located at <JRE installation directory>/bin/ControlPanel.


Step 3 If you have Java Plug-in 1.4.2 installed:

a. Click the Advanced tab.

b. In the Java RunTime Parameters field, enter -Xmx256m.

c. Click Apply and close the Java Control Panel.

Step 4 If you have Java Plug-in 1.5 installed:

a. Click the Java tab.

b. Click View under Java Applet Runtime Settings.

c. In the Java Runtime Parameters field, enter -Xmx256m, and then click OK.

d. Click OK and exit the Java Control Panel.


Licensing the Sensor

This section describes how to obtain a license key and how to license the sensor using the CLI or IDM. It contains the following topics:

Overview

Service Programs for IPS Products

Obtaining and Installing the License Key

Overview

Although the sensor functions without the license, you must have a license to obtain signature updates. To obtain a license, you must have a Cisco Service for IPS service contract. Contact your reseller, Cisco service or product sales to purchase a contract. For more information, see Service Programs for IPS Products.


Note You can install the first few signature updates for 5.x without a license. This gives you time to get your sensor licensed. If you are unable to get your sensor licensed because of confusion with your contract, you can obtain a 60-day trial license that supports signature updates that require licensing.


You can view the status of the IPS subscription license key on the Licensing panel in IDM. You can obtain a license key from the Cisco.com licensing server, which is then delivered to the sensor. Or, you can update the sensor license key from a license key provided in a local file.

You must know your IPS device serial number to obtain a license key. You can find the IPS device serial number in IDM by clicking Configuration > Licensing, or through the CLI by using the show version command.

Whenever you start IDM, a dialog box informs you of your license status—whether you have a trial, invalid, or expired license key. With no license key, an invalid license key, or an expired license key, you can continue to use IDM but you cannot download signature updates.

When you enter the CLI, you receive the following message if there is no license installed:

***LICENSE NOTICE***
There is no license key installed on the system.
Please go to http://www.cisco.com/go/license to obtain a new license or install a license.

You will continue to see this message until you have installed a license. Go to http://www.cisco.com/go/license and click IPS Signature Subscription Service to apply for a license.

Service Programs for IPS Products

You must have a Cisco Services for IPS service contract for any IPS product so that you can download a license key and obtain the latest IPS signature updates. If you have a direct relationship with Cisco Systems, contact your account manager or service account manager to purchase the Cisco Services for IPS service contract. If you do not have a direct relationship with Cisco Systems, you can purchase the service account from a one-tier or two-tier partner.

When you purchase the following IPS products you must also purchase a Cisco Services for IPS service contract:

IDS-4215

IPS-4240

IPS-4255

IDSM-2

NM-CIDS

For ASA products, if you purchased one of the following ASA products that do not contain IPS, you must purchase a SMARTnet contract:


Note SMARTnet provides operating system updates, access to Cisco.com, access to TAC, and hardware replacement NBD on site.


ASA5510-K8

ASA5510-DC-K8

ASA5510-SEC-BUN-K9

ASA5520-K8

ASA5520-DC-K8

ASA5520-BUN-K9

ASA5540-K8

ASA5540-DC-K8

ASA5540-BUN-K9

If you purchased one of the following ASA products that ships with the AIP-SSM installed or if you purchased AIP-SSM to add to your ASA product, you must purchase the Cisco Services for IPS service contract:


Note Cisco Services for IPS provides IPS signature updates, operating system updates, access to Cisco.com, access to TAC, and hardware replacement NBD on site.


ASA5510-AIP10-K9

ASA5520-AIP10-K9

ASA5520-AIP20-K9

ASA5540-AIP20-K9

ASA-SSM-AIP-10-K9

ASA-SSM-AIP-20-K9

For example, if you purchased an ASA-5510 and then later wanted to add IPS and purchased an ASA-SSM-AIP-10-K9, you must now purchase the Cisco Services for IPS service contract.

After you have the Cisco Services for IPS service contract, you must also have your product serial number to apply for the license key. For the procedure, see Obtaining and Installing the License Key.


Caution If you ever send your product for RMA, the serial number will change. You must then get a new license key for the new serial number.

Obtaining and Installing the License Key

You can install the license key through the CLI or IDM. This section contains the following topics:

Using IDM

Using the CLI

Using IDM

To obtain and install the license key, follow these steps:


Step 1 Log in to IDM using an account with administrator privileges.

Step 2 Choose Configuration > Licensing.

The Licensing pane displays the status of the current license. If you have already installed your license, you can click Download to save it if needed.

Step 3 Obtain a license key by doing one of the following:

Check the Cisco Connection Online check box to obtain the license from Cisco.com.

IDM contacts the license server on Cisco.com and sends the server the serial number to obtain the license key. This is the default method. Go to Step 4.

Check the License File check box to use a license file.

To use this option, you must apply for a license key at this URL: www.cisco.com/go/license.

The license key is sent to you in e-mail and you save it to a drive that IDM can access. This option is useful if your computer cannot access Cisco.com. Go to Step 7.

Step 4 Click Update License.

The Licensing dialog box appears.

Step 5 Click Yes to continue.

The Status dialog box informs you that the sensor is trying to connect to Cisco.com. An Information dial