
Rollback / remove IPS/Application Signature

Hi,


Long story short, I am in the process of doing a hardware refresh of an XG210 to a 310. 

I am having issues restoring the config from the 210 to the 310, as I get a warning when restoring the config that the IPS and Apps signature on the 310 is not the same or newer than the 210.

The 210 is on 9.17.00 and the 310* is on 9.15.59. The 210 did have V18 GA on it for a short period of time so this is likely to be where the issue is.

Both now are running 17.5.11 MR11.

Is there a way to delete the signature from the device and force it to refresh with the current one for the firmware?

Thanks,

 

*edited typo



  • You can force a pattern update via System > Backup & Firmware > Pattern Updates, I've seen something similar when applying a config to a new XG I've not updated.

     

    That might sort it for you.

     

    Regards

  • carbon15 said:

    You can force a pattern update via System > Backup & Firmware > Pattern Updates, I've seen something similar when applying a config to a new XG I've not updated.

     

    That might sort it for you.

     

    Regards

     


    Thanks Carbon, but already tried that one. Even manually downloading the patterns and uploading, stays the same. I do have a support ticket open, but seem to have a chap helping me who is available when I sleep!

    I hope there is a way to remove the database through the CLI and force an update. The firewall is in production and at the office, so can't do anything more than the odd reboot at the moment over the weekend.

  • Assuming you mixed up some numbers in your initial post?

    The backup has a version written to it (let's say 5). If your target system has an older version (let's say 4), it will not restore the backup. That is to prevent the system from getting into a weird state.

    The problem can occur if you use a new major version, because it can go to a version which the original system can never reach.

    If you check both systems on MR11, is it still different?

    There are ways to refresh this version. Support has the tools to do so. 

  • Nope, definitely no mix ups of numbers.

    As it stands at this minute, both firewalls are running 17.5.11 MR11.

    Old FW - XG210 - IPS is 9.17

    New FW - XG310 - IPS is 9.15.99

  • "The 210 is on 9.17.00 and the 210 is on 9.15.59. The 210 did have V18 GA on it for a short period of time so this is likely to be where the issue is."

    Meant this part. There should be a mix up. Which one had V18? 

  • The 210 had V18 on it for a few days. Sorry if there was a typo earlier.

  • Yeah, that will cause this issue. The 210 got a version which your current XG310 cannot reach. You could use a workaround for a quick solution.

    Use the XG310, go back to MR10 or below. Upgrade the XG310 to V18.0 Build 354, upgrade the IPS to a newer version. Go back to V17.0 MR10, upgrade MR10 to MR11. Restore backup.

    That is kind of a workaround; the problem is caused by the current state of not having a direct migration path between MR11 - V18, and V18 using a newer IPS Engine.

  • Meant to update this on Monday, been a busy couple of days. I checked it out on Monday morning, and the IPS signatures had updated, so think there must have been an issue with the Sophos servers on Monday or something behind the scenes got adjusted by Sophos Support. All good now, config transferred over fine. Now just waiting for the 10gb SFP to arrive so I can take it in to the office and install. :-)