IBM Support

Configuring Network IPS at firmware 4.x to pull updates from SiteProtector

Question & Answer


Question

How do you configure the Network IPS (GX) to pull updates from SiteProtector when the management interface of the appliance does not have internet access?

Cause

In some environments, the management interface of the Network IPS (GX) does not have internet access. However, the SiteProtector server may have an active connection. This article will provide instructions for configuring the GX to pull updates through SiteProtector's X-Press Update Server.

Answer

Prerequisite: The management interface of the GX must be able to communicate with the SiteProtector X-Press Update Server on port 3994. A simple telnet command that is issued via the CLI on the GX can confirm this. You can run telnet x.x.x.x 3994 (where x.x.x.x is the IP address of the X-Press Update Server). If this is successful, you should see an output similar to the text below:

al-gx5208:~ # telnet 10.2.2.25 3994
Trying 10.2.2.25...
Connected to 10.2.2.25.
Escape character is '^]'.

Follow the instructions below to configure the GX to receive updates through the X-Press Update Server:
  1. In the SiteProtector Agent view, right-click the GX and click Manage Policy.
  2. In the policy view, open the Update Settings policy.
  3. Click the License and Update Servers tab.
  4. Here you will see the default server for IBM ISS Default License and Update Server. If you never plan to use this, you can delete this entry. Otherwise, just disable it for the time being.
    Note: You can keep this entry in here if you would like, although it is not necessarily required. The GX tries to connect to these servers starting at the top of the list going down. If it fails on one, it will simply go to the next.
  5. Click the green + button in the upper-right side of the policy to add a new server.
  6. In the Host or IP field, specify the IP address or hostname of the SiteProtector X-Press Update Server.
    Note: For more information on steps 6-9, see the Configuring license and update servers documentation.
  7. Specify 3994 for the port.
  8. (optional) Enable the Use a Proxy Server check box and specify proxy details if the communication must go through a proxy.
  9. Click OK to add the new server.
  10. If multiple servers are listed here, use the up or down arrows in the upper-right side (as seen in the screen capture below) to ensure that SiteProtector X-Press Update Server is the first entry listed.
  11. Save and deploy the policy.
  12. To verify that the updates work, you can manually check for updates using the Check for updates tool in the LMI and confirm that you see a Successfully checked for updates message. For more information on this process, review the Using update tools documentation.

[{"Product":{"code":"SS9SBT","label":"Proventia Network Intrusion Prevention System"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Updates","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"4.6.1;4.6.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
25 January 2021

UID

swg21683679

Page Feedback