Manualshelf

Release Notes

ManualsBrandsCisco ManualsSecurity SystemCisco IPS 4255 Sensor
11121314151617181920
19
Release Notes for Cisco Intrusion Prevention System 5.1(7)E1
OL-8492-01
Upgrading to Cisco IPS 5.1(7)E1
Upgrade Notes and Caveats
The following upgrade notes and caveats apply to upgrading from 4.x to 5.1(7)E1:
The sensor must show version 5.0(1) or later before you can apply this service pack.
Installing 5.1(7)E1 completely reimages the sensor. Sensor configuration settings are maintained,
but all data written to the Event Store and any unsupported customizations are lost.
We strongly advise you to save a copy of the current configuration settings of the sensor to an FTP
server before you upgrade.
You cannot uninstall the 5.1(7)E2 service pack. You must reimage the sensor using a system image
file. All configuration settings are lost.
Auto Update does not recognize the IPS-4260 package file (IPS-4260-K9-5.1-7-E1.pkg).
If Auto Update is configured on the IPS-4260, it does not install the 4260 files because it does not
recognize them. Use the CLI or IDM to install the 5.1(7)E1 service pack.
Note IPS version 5.1(x) does not recognize platform-specific major, minor, or service pack file
names.
If you have 4.0 installed on your sensor, you must upgrade to 4.1, then upgrade to 5.0, then upgrade
to 5.1(7)E1.
If you try to upgrade a 4.0 sensor to 5.0, you receive an error that Analysis Engine is not running
rather than an error that the sensor cannot be upgraded from 4.0 to 5.0:
sensor# upgrade scp://user@10.1.1.1/upgrades/IPS-K9-maj-5.0-1-S148.rpm.pkg
Password: ********
Warning: Executing this command will apply a major version upgrade to the application
partition. The system may be rebooted to complete the upgrade.
Continue with upgrade? : yes
Error: AnalysisEngine is not running. Please reset box and attempt upgrade again.
If you receive this error, you must upgrade from 4.0 to 4.1 and then to 5.0. Or you can use the
recovery CD (if your sensor has a CD-ROM) or the system image file to reimage directly to
version 5.1(7)E1. You can reimage a 4.0 sensor to 5.0 because the reimage process does not check
to see what version was previously installed.
After you upgrade any IPS software on your sensor, you must restart the IDM to see the latest
software features.
In 4.x, custom signature IDs start at 20000. Any custom signatures that you have created in 4.x are
converted to the 5.x custom signature range, which begins at 60000.
In 4.x, there is a parameter that lets you enable and disable signatures. In 5.x, there is a similar
parameter, but there is also a parameter that lets you retire and unretire signatures. When you
upgrade to 5.x, some signatures will be marked as enabled; however, they may also have been retired
in 5.x and therefore the enabled setting is ignored. You must manually unretire the signature to
ensure that it is enabled.
In 5.1(7)E1, you will receive messages indicating the you need to install a license. The sensor
functions properly without a license, but you will need a license to install signature updates.
Upgrading from 4.1 to 5.x preserves the configuration of the sensor. The upgrade may stop if it
comes across a value that it cannot translate. If this occurs, the resulting error message provides
enough information to adjust the parameter to an acceptable value. After editing the configuration,
try the upgrade again.