Cisco Cisco Firepower Management Center 2000 Release Notes
Firepower System Release Notes
Installing the Update
19
Step 4
Upload the update to the Firepower Management Center by selecting
System > Updates
, then clicking
Upload Update
on the Product Updates tab. Browse to the update and click
Upload
.
The update is uploaded to the Firepower Management Center. The web interface shows the type of update
you uploaded, its version number, and the date and time it was generated.
you uploaded, its version number, and the date and time it was generated.
Step 5
Make sure that the appliances in your deployment are successfully communicating and that there are no
issues reported by the health monitor.
issues reported by the health monitor.
Step 6
Click the install icon next to the update you are installing.
The Install Update page appears.
Step 7
Select the devices where you want to install the update.
If you are updating a stacked pair, selecting one member of the pair automatically selects the other. You must
update members of a stacked pair together.
update members of a stacked pair together.
Step 8
Click
Install
. Confirm that you want to install the update and reboot the devices.
Step 9
The update process begins. You can monitor the update's progress in the Firepower Management
Center’s task queue by clicking the System Status icon, then clicking the Tasks tab.
Center’s task queue by clicking the System Status icon, then clicking the Tasks tab.
Note that managed devices may reboot twice during the update; this is expected behavior.
Caution:
If you encounter issues with the update (for example, if the Message Center indicates that the
update has failed, or shows no progress on the update task for several minutes), do not restart the update.
Instead, contact Support.
Instead, contact Support.
Step 10
Select
Devices > Device Management
and confirm that the devices you updated have the correct software
version: Version 6.0.0.1.
Step 11
Verify that the appliances in your deployment are successfully communicating and that there are no
issues reported by the health monitor.
issues reported by the health monitor.
Step 12
Redeploy your configurations to all managed devices.
Deployment may cause a short pause in traffic flow and processing, and may also cause a few packets to pass
uninspected. For more information, see the Firepower Management Center User Guide.
uninspected. For more information, see the Firepower Management Center User Guide.
Step 13
If a patch for Version 6.0.0.1 is available on the Support site, apply the latest patch as described in the
for that version.
for that version.
Caution:
After updating the system to Version 6.0.0.1, you
must
download and install
Sourcefire_hotfix_6.0.0-k-build_3.tar
from the Support site. If you do not install
Sourcefire_hotfix_6.0.0-k-build_3.tar
after updating to Version 6.0.0.1, the Firepower Management Center
fails to update access control rules referencing intrusion policies containing shared objects rules or rules
with the generator ID (GID) of 3 even though the Message center displays the deploy successful.
with the generator ID (GID) of 3 even though the Message center displays the deploy successful.
Caution:
When using URL Filtering with
Retry URL cache miss lookup
enabled to allow URL retry, the system delays
packets for URLs that have not been previously seen by the firewall while the URL category and reputation
are determined so URL filtering rules can be resolved. Until the lookup of the URL category and reputation is
completed, or the lookup request times out, in inline, routed, or transparent deployments the packet will be
held at the firewall. If a two second time limit is reached without the category and reputation determination
completing the URL category
are determined so URL filtering rules can be resolved. Until the lookup of the URL category and reputation is
completed, or the lookup request times out, in inline, routed, or transparent deployments the packet will be
held at the firewall. If a two second time limit is reached without the category and reputation determination
completing the URL category
Uncategorized
is used with no reputation, and rule evaluation proceeds. URL
category determination can introduce up to two seconds of delay in packet delivery, depending on local
network conditions. If such delay is not acceptable, URL retry should be disabled. Note that with URL retry
disabled, URL filtering may not be effective until such time as URL category and reputation determination
completes for each URL. Until that time, packets that would have been filtered based on the URL’s category
or reputation will be filtered based on the
network conditions. If such delay is not acceptable, URL retry should be disabled. Note that with URL retry
disabled, URL filtering may not be effective until such time as URL category and reputation determination
completes for each URL. Until that time, packets that would have been filtered based on the URL’s category
or reputation will be filtered based on the
Uncategorized
category. To disable URL retry, clear the
Retry URL cache
miss lookup
option in the General advanced settings of the access control policy (
Policies > Access Control > Access
Control > edit policy > Advanced > edit General Settings
). Note that this option is enabled and URL retry is allowed by
default.