Intrusion Prevention


This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.

  • 1.  [help] ISG with IDP Module Detection Error

    Posted 05-07-2009 01:47
    Hi,  We have ISG-2000 with IDP module installed in it. I've update firewall with IOS (nsISG2000.6.2.0-IDP1.r2.0. Eventually IOS update procedure went fine but as soon I restarted I’ve received following information/error on my console. I'm not sure what action point needs to do on it, so i need your expert suggestion. However still I didn’t try to add firewall in NSM to implement IDP, as NSM is not yet activate so I’m not sure below information has any impact. 

     Here is logs I’ve received.


     Security Module 3 is ready
    All Security Modules init done
    IDP application is not supported, please make sure that the device is in Advance mode,
    has IDP license installed, ipv6 disabled, jumbo_frame disable, and has 2G memory.
    Received all run-time-object from peer.

      Firewall is already updated with IDP license; I’m confirming it has nothing to do with licenses.  What does “Advance Mode” means here? Kindly help me out.  

  • 2.  RE: [help] ISG with IDP Module Detection Error

    Posted 05-07-2009 02:28


    "advanced mode" is a license that includes IDP inspection and extended capabilities.

    Copy here the output of a "get license" to verify the situation.




  • 3.  RE: [help] ISG with IDP Module Detection Error

    Posted 05-07-2009 02:36

    Thanks Dan for reply, Here is output


    get license-key

    advanced_key        : 2dCatAYClEdqGctAo8P7KqU1ZwF3eeVOFJPHJJJmOZ1Btg0DRC

    idp_sm_key          : 2LuVPCx+hA8+nEMdUSQyANn/DT/

    Model:              Advanced
    Sessions:           500064 sessions
    Capacity:           unlimited number of users
    NSRP:               ActiveActive
    VPN tunnels:        10000 tunnels
    Vsys:               None
    Vrouters:           3 virtual routers
    Zones:              34 zones
    VLANs:              2000 vlans
    Drp:                Enable
    Deep Inspection:    Enable
    Deep Inspection Database Expire Date: Disable
    Signature pack:     Signature update key is missing
    IDP:                Disable
    AV:                 Enable(1)
    Anti-Spam:          Disable(0)
    Url Filtering:      Disable

    Update server url:
    License key auto update : Disabled
    Auto update interval : 0 days

  • 4.  RE: [help] ISG with IDP Module Detection Error

    Posted 05-07-2009 02:59

    @AffanRayf wrote:

    IDP:                Disable


    The problem is here: the IDP is disabled.


    I have to correct my previous statement: the "advanced mode" is required but doesn't include the IDP license.


    So I think you should double check that you have a valid IDP license and install it on the device.


    Ciao 🙂



  • 5.  RE: [help] ISG with IDP Module Detection Error

    Posted 05-07-2009 03:14

    Thanks, I'm working on. I'll update you soon.

  • 6.  RE: [help] ISG with IDP Module Detection Error

    Posted 05-07-2009 07:09

    Hi Affan,

    forgot to say, you should also check that the device has 2GB memory and that IPv6 and jumbo frame are disabled.


    Please check the output of:

    get sys

    get env


    Feel free to copy the output here so I can check.


    Ciao 🙂


  • 7.  RE: [help] ISG with IDP Module Detection Error

    Posted 05-07-2009 08:05

    Hi Dan,


    I Just say your message, I gone through some document & find out the case of memory. So without wasting time, i've update firewall with 2GB memory, prior it has 1GB. So the only issue that you also pin point is valid and that was with memory shortage, as to support IDP with firewall its require 2GB. Further firewalls is working in NSRP so i updated both ;).


    Dan, i guess firewalls with IDP is ready ? or do you see anything else in it. I know for FW with IDP, NSM appliance is require for configuration. Can you also please share any document or step-by-step guide that help for implementation in view of NSM.


    Many Thanks



     - Affan



  • 8.  RE: [help] ISG with IDP Module Detection Error

    Posted 05-09-2009 11:38



    You there ? Any suggestion regarding document please ?


  • 9.  RE: [help] ISG with IDP Module Detection Error

    Posted 05-11-2009 19:51



    The steps are documented in the NSM Administrator  Guide. 

    On a high level the steps you need to perform are :


    On the device:

    1. Make sure that the IDP license shows enabled (get lic)

    2. Make sure there is the Security modules show enabled (get sm status) --> CPU should show as 1

    3. Management Interface needs to have an IP Address (Suggest using the management interface alone for management)

    4. Make sure NSM server IP Address is pingable and port tcp/7800 is open between the device and NSM server 

    5. Enable SSH on the management interface 


    On NSM:

    1. Add the device as Device is reachable

    2. Import the Device

    3. Perform an attack object update (configuration --> Update attack objects)

    4. Update the detector on the device (Its on the configuration menu)

    5. Define the IDP policy using Security Policies

    6. Perform an update to the device


    Lastly, not sure what ScreenOS you are using, suggest using the latest version of ScreenOS on either 6.0 or 6.1.





  • 10.  RE: [help] ISG with IDP Module Detection Error
    Best Answer

    Posted 05-11-2009 22:30
    Many Thanks Chandra & Dan

  • 11.  RE: [help] ISG with IDP Module Detection Error

    Posted 05-12-2009 00:29


    we have a "Network and Security Manager 2008.2 Configuring ScreenOS and IDP Devices Guide" available here:






  • 12.  RE: [help] ISG with IDP Module Detection Error

    Posted 05-13-2009 05:10



    Thank you very much for your valuable support. Great indeed !!