Support User Manuals

Cisco Systems IPS4520K9 Network Router User Manual

Open as PDF

of 460

D-7

Cisco Intrusion Prevention System Appliance and Module Installation Guide for IPS 7.1

OL-24002-01

Appendix D Upgrading, Downgrading, and Installing System Images

Configuring Automatic Upgrades

Understanding Automatic Upgrades

Caution

In IPS 7.1(5)E4 and later the default value of the Cisco server IP address has been changed from

198.133.219.25 to 72.163.4.161 in the Auto Update URL configuration. If you have automatic update

configured on your sensor, you may need to update firewall rules to allow the sensor to connect to this

new IP address.

You can configure the sensor to look for new upgrade files in your upgrade directory automatically. For

example, several sensors can point to the same remote FTP server directory with different update

schedules, such as every 24 hours, or Monday, Wednesday, and Friday at 11:00 pm.

You specify the following information to schedule automatic upgrades:

•

Server IP address

•

Path of the directory on the file server where the sensor checks for upgrade files

•

File copy protocol (SCP or FTP)

•

Username and password

•

Upgrade schedule

You must download the software upgrade from Cisco.com and copy it to the upgrade directory before

the sensor can poll for automatic upgrades.

For More Information

For the procedure for locating software on Cisco.com, see Obtaining Cisco IPS Software, page C-1.

Automatically Upgrading the Sensor

Use the auto-upgrade-option enabled command in the service host submode to configure automatic

upgrades. The following options apply:

•

cisco-server—Enables automatic signature and engine updates from Cisco.com.

•

cisco-url—Specifies the Cisco server locator service. You do not need to change this unless the

www.cisco.com IP address changes.

•

default— Sets the value back to the system default setting.

•

directory— Specifies the directory where upgrade files are located on the file server. A leading ‘/’

indicates an absolute path.

•

file-copy-protocol— Specifies the file copy protocol used to download files from the file server.

The valid values are ftp or scp.

Note

If you use SCP, you must use the ssh host-key command to add the server to the SSH known

hosts list so the sensor can communicate with it through SSH.

•

ip-address—Specifies the IP address of the file server.

•

password—Specifies the user password for Cisco server authentication.

previous next