8-63
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 8 Managing Deployment
Rolling Back Configurations
Security Manager warns you about IPS devices that must be downgraded more than one level. Security
Manager cannot perform such downgrades; you must use the Cisco IPS CLI for them.
The warning dialog box displays the version to which the device must be reimaged or downgraded.
Note: The option of downgrading an IOS IPS device during rollback is not available, because IOS IPS
devices do not support downgrade.
If the option of downgrading the sensor during rollback will not help accomplish the rollback, you
receive an error message stating that rollback cannot occur and that you need to manually reinstall the
image on the device to roll back. Only the update package most recently installed on a device can be
downgraded, so downgrade does not help in the following cases:
• Rollback of a deployment (signature update) that involves downloading more than one update
  package to the device.
• Selection of an old deployment or configuration for rollback, after which several upgrades
  have occurred.
• Rollback of an upgrade that cannot be downgraded. Major, minor, and most service pack upgrades
  cannot be downgraded, as shown in Table 8-17 on page 8-63.
For rollback of a configuration that requires a downgrade to a version prior to Cisco IPS 5.1(4), Security
Manager does not support automatic downgrade. You must manually downgrade the device to the
specified version and then proceed with rollback.
Caution: Outbreak Prevention updates on a particular device may be lost if that device is downgraded.
During rollback, if Security Manager discovers that there have been out-of-band changes to the device
that prevent rollback, you will receive an error message stating that rollback is prevented.
Related Topics
• Rolling Back Configurations to Devices Using the Deployment Manager, page 8-65
• Using Rollback to Deploy Archived Configurations, page 8-66
Table 8-17 Downgrade Support for Possible Sensor Upgrade Types

Upgrade Type                                Downgrade Support
------------------------------------------  ------------------------------------------------
Major Upgrade                               Downgrade is not supported.
Minor Upgrade                               Downgrade is not supported.
Service Pack Update                         Downgrade from Cisco IPS 5.1(4) onward is not
                                            supported.
Patch update                                Downgrade is supported.
Signature Update                            Downgrade is supported.
Engine Update                               Downgrade is supported.
Repackage (applicable to major, minor, and  Repackages for service packs prior to 5.1(4) can
service pack updates).                      be downgraded.