User Guide for Cisco Security Manager 4.4
Chapter 43 Managing IPS Sensors
Managing IPS Updates
Step 3 On the second page of the wizard, select the local signature policies (representing devices not assigned
to any shared signature policy) and shared signature policies you want to update from the Apply Updates
To list. Use the Type field to toggle between the types of policies. You can select any combination of
local and shared policies. When you select a policy, the devices that use the policy are selected for
To select all applicable devices or shared policies, click Select All. To erase your selection and start over,
click Deselect All. These buttons apply only to the displayed list.
IPS devices to which the update does not apply are grayed out in the Apply Updates To list, and you
cannot select them. When you select a device that can be updated, it is listed in the Devices Assigned to
Selected Policies list; these are the only devices that will be updated. If you select a shared policy, all
devices that are using the policy appear in the selected policies list, but the devices to which the update
does not apply are grayed out.
Tip The engine release controls which devices you can select for sensor updates; you can apply the
update only to devices that use the same engine version, regardless of the release version. For
example, if your device is running 6.0(5) E3, you can update to 6.1(1) E3 but not to 6.1(1) E2.
You also cannot apply a 6.1(1) E3 update to a device running 6.1(1) E2. If you want to update
the engine version, select a signature update with the higher engine version, and Security
Manager will update the engine level automatically while updating the signatures. For example,
if the device has the 6.1(1) E2 version and needs to have the E3 engine package applied, choose
the signature package that requires the E3 engine and apply it to the device; doing so applies the
engine package automatically to the device while updating the signatures. Thus, if the device
you want to update is grayed out, click Back and change your update selection.
If you are applying a signature update, and you want to edit the signatures before applying them, click
Next to continue. Otherwise, click Finish to apply your update to the policies.
Step 4 (Optional) On the third page of the wizard, modify the signatures as desired.
The signatures list displays the new and modified signatures between the signature level of the selected
update and the lowest signature level among the selected devices. If the selected devices include both
IPS sensors and Cisco IOS IPS devices, the signatures for these devices appear on separate tabs.
Click the link in the ID number to read the description for the signature on Cisco.com. The Status column
indicates whether the signature is new or modified (see the visual description of the icons on the wizard
To edit a signature, select it in the table and click the Edit button below the table (the pencil icon). For
help in understanding the signature, click Help in the dialog box that the Edit button opens.
For details on available signature information, see Signatures Page, page 38-4. In the Signature
Summary Table, you can also add custom signatures and delete signatures, but you cannot do that on this
page of the Apply IPS Update Wizard.
Click Finish to apply your update to the policies and to save your edits.
Step 5 Submit your changes and deploy them to the devices. For information on creating deployment jobs, see
these topics:
• Deploying Configurations in Non-Workflow Mode, page 8-29
• Deploying Configurations in Workflow Mode, page 8-35