Schedule Intrusion Rule Updates

Note	This section applies only to Snort 2.

Caution

The first deploy after importing an intrusion rule update restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during the interruption or passes without further inspection depends on how the target device handles traffic. For more information, see Snort Restart Traffic Behavior.

As a part of initial configuration the system configures a daily automatic intrusion rule update from the Cisco Support & Download site. (The system deploys automatic intrusion rule updates to affected managed devices when it next deploys affected policies.) If configuring the update fails and the CDO has internet access, we recommend you configure regular intrusion rule updates as described in this section.

Procedure

Step 1

Choose System ( system gear icon ) > Updates.

Note	You can also click Import Rules on the intrusion rules editor page (Objects > Intrusion Rules).

Step 2

Click Rule Updates.

Step 3

If you want to move all user-defined rules that you have created or imported to the deleted folder, click Delete All Local Rules in the toolbar, then click OK.

Step 4

Check Enable Recurring Rule Update Imports from the Support Site check box.

Import status messages appear beneath the Recurring Rule Update Imports section heading.

Step 5

In the Import Frequency field, specify:

The frequency of the update (Daily, Weekly, or Monthly)
The day of the week or month you want the update to occur
The time you want the update to start

Step 6

If you want to automatically re-deploy the changed configuration to your managed devices after the update completes, check the Deploy updated policies to targeted devices after rule update completes check box.

Step 7

Click Save.

Caution

Contact Support if you receive an error message while installing the intrusion rule update.

The status message under the Recurring Rule Update Imports section heading changes to indicate that the rule update has not yet run.