Filter
Top Products
43-7
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 43 Managing IPS Sensors
Managing IPS Updates
Step 2 In the Auto Update Settings group in the lower portion of the page, select an auto update mode to
establish the extent of automation. Choices include:
• Download, Apply, and Deploy Updates—Security Manager checks for updates according to your
schedule, downloads them to the Security Manager server, applies them to the selected devices and
policies, and starts a deployment job to update the affected devices. This choice ensures that your
devices are running the latest updates with minimal effort for your operations staff.
• Disable Auto Update—Security Manager does not perform any automatic actions for IPS updates.
• Check for Updates—Security Manager checks for updates according to your schedule and updates
the information in the Update Status group. No devices or policies are updated.
• Download Updates—Security Manager checks for updates according to your schedule and
downloads any new updates to the Security Manager server.
• Download and Apply Updates—Security Manager checks for updates according to your schedule,
downloads them, and applies them to the selected devices and policies. You must separately create
a deployment job to deploy the changes to the affected devices.
Step 3 Click Edit Update Schedule to open a dialog box where you can specify the schedule for the operation.
Select the starting date, enter the starting time in 24-hour format (hh:mm), and select whether the
schedule should be by the hour, day, week, month, or a one-time event. Click OK to save the schedule.
Step 4 (Optional) Enter an e-mail address in the Notify Email field. Security Manager will notify this user when
a package is available for download or has been downloaded, applied, or deployed. You can enter more
than one address by separating the addresses with commas.
Step 5 Select the devices and shared policies you want to automatically update in the Apply Update To selector.
Use the Type field to toggle between local policies (for devices) and shared policies.
To select a device or policy, click it in the selector and click the Edit Row button (the pencil icon below
the selector). This action opens the Edit Auto Update Settings dialog box. Select the types of updates
you want to apply: minor sensor updates and service packs or service packs only, and the signature
update level. Click OK to save your changes. The devices to which the policy apply are added to the
Devices to be Auto Updated list. A message will indicate if you need to submit your changes for the
change to take effect.
Step 6 Click Save.
Manually Applying IPS Updates
You can manually apply image and signature updates to compatible IPS devices using the Apply IPS
Update wizard. Use this procedure with policies and devices that you did not configure for automatic
updates (as described in Automating IPS Updates, page 43-6).
When applying signature updates, the wizard displays those signatures in the update that are not
configured on the target IPS devices. You can configure the new signatures before they are applied.
When applying image and signature updates, only those devices to which the updates can be applied are
available for selection. Inapplicable devices are grayed out. A device can be grayed out even if a
signature update applies to it if the required engine upgrade or generic packages are not available.
Tip If you later decide that you did not want to apply a signature update, you can revert to the previous update
level by selecting the Signatures policy on the device, clicking the View Update Level button, and
clicking Revert.