Field Notice: FN - 63584 - IPS Sensors: Change in Server IP Address for IPS Signature Updates - Configuration Change Recommended

Available Languages

Updated:January 22, 2021

Document ID:FN63584

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision	Publish Date	Comments
1.0	14-Nov-12	Initial Release
10.0	11-Oct-17	Migration to new field notice system
10.1	22-Jan-21	Updated the Defect Information Section

Products Affected

Affected OS Type	Affected Software Product	Affected Release	Affected Release Number	Comments
NON-IOS	Intrusion Prevention System (IPS) System Software	E3	6.2(1)E3,6.2(2)E3
NON-IOS	Intrusion Prevention System (IPS) System Software	E4	7.0(2)E4,7.0(3)E4,7.0(4)E4,7.0(5)E4,7.0(5a)E4,7.0(6)E4,7.0(7)E4,7.0(8)E4,7.0(9)E4,7.1(1)E4,7.1(10)E4,7.1(11)E4,7.1(2)E4,7.1(3)E4,7.1(4)E4,7.1(5)E4,7.1(6)E4,7.1(7)E4,7.1(8)E4,7.1(9)E4

Defect Information

Defect ID	Headline
CSCvf34445	There were no defects filed with this field notice at the time of publication.

Problem Description

Customers that subscribe to automatic Intrusion Prevention System (IPS) signature/sensor updates are required to change the Cisco.com server IP address prior to January 25, 2013.

Customers that use Cisco Security Manager (CSM) to provide automatic IPS signature/sensor updates are not affected by the server change since CSM uses the DNS name to resolve the server IP address.

Background

Customers that use IPS depend on continuous signature updates from Cisco for up-to-date protection of their network.

On January 25, 2013, the server IP address that supports the Cisco.com IPS Auto Update feature will be permanently changed from 198.133.219.25 to 72.163.4.161. Both IP addresses currently run in parallel in order to allow customers to migrate during a maintenance window between now and January 25, 2013. This change affects IPS sensors that run 6.2, 7.0, and 7.1 code versions configured for Cisco.com Auto Update. In order to maintain consistent automatic signature updates, the Auto Update URL should be configured in order to reflect the new IP address.

Problem Symptom

Customers that do not change the Cisco.com server IP address prior to January 25, 2013 might not receive automatic IPS signature updates and could potentially be vulnerable to security threats.

Workaround/Solution

Use one of these procedures in order to change the server IP address that supports the Cisco.com IPS Auto Update feature from 198.133.219.25 to 72.163.4.161. Both IP addresses currently run in parallel in order to allow customers to migrate during a maintenance window until January 25, 2013.

In order to guarantee that you continue to receive automatic IPS signature updates from Cisco for up-to-date network protection, complete one of these procedures by January 25, 2013.

NOTE: Firewall rules might need to be updated in order to allow sensor connectivity to this new IP Address.

Update the Auto Update URL Using the CLI (IPS 7.0(8), IPS 7.1(6) and later)

A sensor that runs IPS 7.0(8) or IPS 7.1(6) might still have the old auto-update IP address if originally configured with IDM/IME in a previous release. Enter this command to verify the current configuration:

show conf | include cisco-url

If the command output references 198.133.219.25, enter these commands to default the configuration to the updated IP address:

sensor#conf t
sensor(config)#service host
sensor(config-hos)#auto-upgrade
sensor(config-hos-aut)#cisco-server enabled
sensor(config-hos-aut-ena)#default cisco-url
sensor(config-hos-aut-ena)#exit
sensor(config-hos-aut)#exit
sensor(config-hos)#exit
Apply Changes?[yes]:yes

Update the Auto Update URL Using the CLI (all other IPS versions)

NOTE: Do not change the double slash (//) at the end of the IP address shown in this configuration.

sensor#config t
sensor(config)#service host
sensor(config-hos)#auto-upgrade
sensor(config-hos-aut)#cisco-server enabled
sensor(config-hos-aut-ena)#cisco-url https://72.163.4.161//cgi-bin/front.x/ida/locator/locator.pl
sensor(config-hos-aut-ena)#exit
sensor(config-hos-aut)#exit
sensor(config-hos)#exit
Apply Changes?[yes]:yes

Update the Auto Update URL Using IDM/IME

Navigate to Configuration > Sensor Management > Auto/Cisco.com Update.
Click the Cisco.com Server Settings section heading.
Copy and paste this value into the Cisco.com URL field.
https://72.163.4.161//cgi-bin/front.x/ida/locator/locator.pl

NOTE: Do not change the double slash (//) at the end of the IP address.
Click Apply in order to deploy the configuration to the sensor.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)