Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Appendix C Troubleshooting
Troubleshooting the Appliance
For More Information
For more information on running the setup command, see Chapter 3, “Initializing the Sensor.”
For more information on reimaging your sensor, see Chapter 22, “Upgrading, Downgrading, and
Installing System Images.”
Which Updates to Apply and Their Prerequisites
You must have the correct service pack and minor and major version of the software. If you are having
trouble with applying new software, make sure that you are applying the proper updates with the proper
prerequisites:
• Signature updates require the minimum version and engine version listed in the filename.
• Engine updates require the major or minor version in the engine update filename.
• Service packs require the correct minor version.
• Minor versions require the correct major version.
• Major versions require the previous major version.
For More Information
To understand how to interpret the IPS software filenames, see IPS Software Versioning, page 21-3.
Issues With Automatic Update
Caution: In IPS 7.1(5)E4 and later, the default value of the Cisco server IP address has been changed from
198.133.219.25 to 72.163.4.161 in the Auto Update URL configuration. If you have automatic update
configured on your sensor, you may need to update firewall rules to allow the sensor to connect to this
new IP address.
The following list provides suggestions for troubleshooting automatic updates:
• Run TCPDUMP:
    • Create a service account. Use su to switch to root and run TCPDUMP on the command and control
      interface to capture packets between the sensor and the FTP server.
    • Use the upgrade command to manually upgrade the sensor.
    • Look at the TCPDUMP output for errors coming back from the FTP server.
• Make sure the sensor is in the correct directory. The directory must be specified correctly. This has
  caused issues with Windows FTP servers. Sometimes an extra “/” or even two “/” are needed in front
  of the directory name. To verify this, use the same FTP commands you see in the TCPDUMP output
  through your own FTP connection.
• You must use the Windows FTP server setup option to emulate UNIX file structure and not MS-DOS
  file structure.
• If you are using SCP, make sure you have added the SSH host key to the known hosts list.
• If you get an unauthorized error message while configuring an automatic update, make sure you
  have the correct ports open on any firewalls between the sensor and Cisco.com. For example, you
  need port 443 for the initial automatic update connection to www.cisco.com, and you need port 80