Bruno_Petronio
Contributor

Activating IPS in a vSystem - "Failed to read IPS profiles"

Hello All,

 

I'm trying to troubleshoot why "ips stat" in my vSystem gives me the following result:

[Expert@FW-VSXGW_1:1]# ips stat
IPS Status: Enabled
Failed to read IPS profiles
IPS Update Version: 0
Global Detect: Off
Bypass Under Load: Off

Double-clicking SmartLog entry for vSystem with blade:IPS filter gives us the following message in the vSystem:

  • Failed to update new protections details

 

Our setup is as follows:

  • MDS in HA;
  • VSX GW is installed in a different Domain where vSystem is running on;
  • Blades were activated in vSystem gateways only. Not in the VSX;
  • Only after applying the Threat Prevention Policy for the first time, the vS removed the IPS alarm;
  • SmartConsole has a proxy-connection towards the internet to update Threat Prevention DB, not the MDSs;
  • We have other Gateways (not VSX) that don't have access to the internet, and still they are updated via SmartConsole->MDS->GW;
  • No errors/drops between VSX GW and the DMS (CMA);

Following the sk106496:

  • The updates for IPS Software Blade are downloaded to the Security Management Server / Domain Management Server and then are transferred to the VSX Gateway during policy installation. (The IPS update is fetched from the Security Management and pushed to the VSX (VS0).)

 

Any idea why I'm having this issue? Any ideas for troubleshooting?

 

Thanks in advance,

Bruno Petrónio

0 Kudos
1 Reply
Chris_Atkinson
Employee

Please review the Threat Prevention admin guide section "Configuring Threat Prevention Settings on VSX Gateways".

Note the references to VS0 configuration.

0 Kudos