Configuring Client Updates As An Auto Update Server - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 41
Managing Software, Licenses, and Configurations
time specifies the time in the format HH:MM at which to start the poll. For example, 8:00 is 8:00 AM
and 20:00 is 8:00 PM
randomize minutes specifies the period to randomize the poll time following the specified start time.
The range is from 1 to 1439 minutes.
retry_count specifies how many times to try reconnecting to the Auto Update Server if the first attempt
fails. The default is 0.
retry_period specifies how long to wait between connection attempts. The default is 5 minutes. The
range is from 1 and 35791 minutes.
(Optional) If the Auto Update Server has not been contacted for a certain period of time, the following
Step 5
command will cause it to cease passing traffic:
hostname(config)# auto-update timeout period
Where period specifies the timeout period in minutes between 1 and 35791. The default is to never time
out (0). To restore the default, enter the no form of this command.
Use this command to ensure that the security appliance has the most recent image and configuration.
This condition is reported with system log message 201008.
In the following example, a security appliance is configured to poll an AUS with IP address
209.165.200.224, at port number 1742, from the outside interface, with certificate verification.
It is also configured to use the hostname of the security appliance as the device ID. It is configured to
poll every Friday and Saturday night at a random time between 10:00 p.m. and 11:00 p.m. On a failed
polling attempt, it will try to reconnect to the AUS 10 times, and wait 3 minutes between attempts at
reconnecting.
hostname(config)# auto-update server
https://jcrichton:farscape@209.165.200.224:1742/management source outside
verify-certificate
hostname(config)# auto-update device-id hostname
hostname(config)# auto-update poll-at Friday Saturday 22:00 randomize 60 2 10
Configuring Client Updates as an Auto Update Server
The client-update command lets you enable the update for security appliances configured as Auto
Update clients. It lets you specify the type of software component (asdm or boot image), the type or
family of security appliance, revision numbers to which the update applies, and a URL or IP address
from which to get the update.
To configure the security appliance as an Auto Update server, perform the following steps:
In global configuration mode, enable client update by entering the command:
Step 1
hostname(config)# client-update enable
hostname(config)#
Configure the parameters for the client update that you want to apply for the security appliances using
Step 2
the client-update command:
OL-10088-01
client-update {component {asdm | image} | device-id dev_string |
family family_name | type type} url url-string rev-nums rev-nums}
Cisco Security Appliance Command Line Configuration Guide
Configuring Auto Update Support
41-11
Advertisement
Table of Contents
Troubleshooting
