ISG w/ IDP Blade - Attack DB and Detector engine woes

  • Hi all,

    I have two ISG clusters that I am managing through NSM.  I have had a series of issues loading attack databases and detector engines to the devices.

    Currently, with one cluster I do the ‘IDP update detector engine’ routine and the job just hangs and never completes.  When I try to push security policies to the device I get the following error:

      Could not determine detector firmware version. Please try updating NSM attack database before updating the device
      IDP Rule Bases will not be updated to the device.
      All IDP rules for “Bermuda1” will be unloaded from the device.
      IDP Profiling for “Bermuda1” will be disabled because there are no IDP rules currently associated with this device.

    This seemed to just start happening with a recent policy push - all IDP alerts stopped on the cluster and haven’t worked since.  We have updated NSM’s attack db - no difference in the error.  We have manually reloaded the IDP policy at the CLI - it reported success, but still no alerts.

    The other related problem is that we want to automate the update of the attack dbs and detector engines through NSM.  While you can tell each firewall to individually go out to the Internet to get the update, one of the clusters I manage does not have Internet access.

    There’s no way in the NSM GUI to automate pulling the file to NSM and then pushing it out to the devices.  So we’re left with the workaround - the script noted in this KB article.

    This is basically an instruction to create a cron job that runs this script:

    ./ --attack-update --post-action --update-devices

    It says it executes correctly and updates NSM, but it doesn’t actually update the problem cluster.

    Anyone else run across these problems?