D-9
Cisco Intrusion Prevention System Appliance Hardware Installation Guide for IPS 7.1
OL-24002-01
Appendix D Upgrading, Downgrading, and Installing System Images
Configuring Automatic Upgrades
• schedule-option—Specifies the schedules for when Cisco server automatic upgrades occur.
Calendar scheduling starts upgrades at specific times on specific days. Periodic scheduling starts
upgrades at specific periodic intervals.
–
calendar-schedule—Configures the days of the week and times of day that automatic upgrades
will be performed.
–
days-of-week—Specifies the days of the week on which auto-upgrades will be performed. You
can select multiple days: sunday through saturday are the valid values.
–
no—Removes an entry or selection setting.
–
times-of-day—Specifies the times of day at which auto-upgrades will begin. You can select
multiple times. The valid value is hh:mm[:ss].
–
periodic-schedule—Specifies the time that the first automatic upgrade should occur, and how
long to wait between automatic upgrades.
–
interval—Specifies the number of hours to wait between automatic upgrades. Valid values are
0 to 8760.
–
start-time—Specifies the time of day to start the first automatic upgrade. The valid value is
hh:mm[:ss].
• user-name—Specifies the username for server authentication.
• user-server—Enables automatic upgrades from a user-defined server.
Configuring Automatic Upgrades
If you get an unauthorized error message while configuring an automatic update, make sure you have the
correct ports open on any firewalls between the sensor and Cisco.com. For example, you need port 443
for the initial automatic update connection to www.cisco.com, and you need port 80 to download the
chosen package from a Cisco file server. The IP address may change for the Cisco file server, but you
can find it in the lastDownloadAttempt section in the output of the show statistics host command.
Caution In IPS 7.1(5)E4 and later the default value of the Cisco server IP address has been changed from
198.133.219.25 to 72.163.4.161 in the Auto Update URL configuration. If you have automatic update
configured on your sensor, you may need to update firewall rules to allow the sensor to connect to this
new IP address.
Note To check the status of the last automatic update or the next scheduled automatic update, run the show
statistics host command and check the Auto Update Statistics section.
To schedule automatic upgrades, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter automatic upgrade submode.
sensor# configure terminal
sensor(config)# service host
sensor(config-hos)# auto-upgrade
sensor(config-hos-aut)#
Comments to this Manuals