Filter
Top Products
43-4
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 43 Managing IPS Sensors
Managing IPS Updates
Managing IPS Updates
You can use Security Manager to apply sensor and signature updates to your IPS devices and shared
policies. Through Security Manager, you can download updates and either set up automatic updates or
apply them manually.
Signature updates are available only for IPS 5.1(4) and higher.
Tip If you have problems applying patches, service packs, or signature updates, check the time on your IPS
sensor. If the time on the sensor is ahead of the time on the associated certificate, the certificate is
rejected and the update may fail. Use the Network Time Protocol (NTP) to maintain accurate time on an
IPS sensor. For information on configuring NTP on the sensor, see Identifying an NTP Server,
page 35-21.
The IPS packages included with Security Manager do not include the package files that are required for
updating IPS devices. You must download IPS packages from Cisco.com or your local update server
before you can apply any updates. The downloaded versions include all required package files and
replace the partial files that are included in the Security Manager initial installation.
The following topics describe how to use Security Manager to manage IPS updates:
• Configuring the IPS Update Server, page 43-4
• Checking for IPS Updates and Downloading Them, page 43-5
• Automating IPS Updates, page 43-6
• Manually Applying IPS Updates, page 43-7
Configuring the IPS Update Server
To apply IPS sensor and signature updates, Security Manager must download the updates to the Security
Manager server from an identified IPS Update server.
You can use Cisco.com as the IPS Update server. Using Cisco.com ensures that the latest updates are
available to you at their earliest availability. However, if you cannot use Cisco.com for some reason, you
can set up your own local IPS Update web server, manually download updates to it, and configure
Security Manager to obtain the updates from your local server.
Tip If you are using a device that requires a Cisco.com login for updating licenses, such as an IPS 4270 or
an AIP SSM-40 in an ASA device, you must configure the IPS Update server as Cisco.com. You cannot
use a local server.
Related Topics
• Automating IPS Updates, page 43-6
• Manually Applying IPS Updates, page 43-7
Step 1 Select Tools > Security Manager Administration and select IPS Updates from the table of contents
to open the IPS Updates page (see IPS Updates Page, page 11-30).
Step 2 In the Update Server area, click Edit Settings to open the Edit Update Server Settings dialog box (see
Edit Update Server Settings Dialog Box, page 11-34).