Cisco Cisco Firepower Management Center 2000 Notas de publicación
10
FireSIGHT System Release Notes
Before You Begin: Important Update and Compatibility Notes
The following table provides details on how traffic flow, inspection, and link state are affected during the update,
depending on your deployment. Note that regardless of how you configured any inline sets, switching, routing, NAT, and
VPN are not performed during the update process.
depending on your deployment. Note that regardless of how you configured any inline sets, switching, routing, NAT, and
VPN are not performed during the update process.
Switching and Routing
Series 3 devices do not perform switching, routing, NAT, VPN, or related functions during the update. If you configured
your devices to perform only switching and routing, network traffic is blocked throughout the update.
your devices to perform only switching and routing, network traffic is blocked throughout the update.
Audit Logging During the Update
When updating appliances that have a web interface, after the system completes its pre-update tasks and the
streamlined update interface page appears, login attempts to the appliance are not reflected in the audit log until the
update process is complete and the appliance reboots.
streamlined update interface page appears, login attempts to the appliance are not reflected in the audit log until the
update process is complete and the appliance reboots.
Version Requirements for Updating to Version 5.4.0.5 and Version 5.4.1.4
To update to Version 5.4.1.4, a Defense Center must be running at least Version 5.4. Defense Centers running Version
5.4.1.1 can manage devices running Version 5.4.0.5 and Version 5.4.1.4. If you are running an earlier version, you can
obtain updates from the Support site.
5.4.1.1 can manage devices running Version 5.4.0.5 and Version 5.4.1.4. If you are running an earlier version, you can
obtain updates from the Support site.
A Defense Center must be running at least Version 5.4 to update its managed devices to Version 5.4.1.4.
The closer your device’s or ASA module’s current version to the release version (Version 5.4.0.5 or Version 5.4.1.4), the
less time the update takes.
less time the update takes.
Caution:
BIOs Version 2.0.1b must be running on DC2000 and DC4000 in order to update to your appliances Version
5.4.0.5 or Version 5.4.1.4. If updating your appliances fails due to an earlier BIOs version running on your DC2000 or
DC4000, contact Support.
DC4000, contact Support.
Time and Disk Space Requirements for Updating to Version 5.4.0.5 and Version
5.4.1.4
5.4.1.4
The table below provides disk space and time guidelines for the Version 5.4.0.5 and Version 5.4.1.4 update. Note that
when you use the Defense Center to update a managed device, the Defense Center requires additional disk space on
its /Volume partition.
when you use the Defense Center to update a managed device, the Defense Center requires additional disk space on
its /Volume partition.
Table 2
Network Traffic Interruptions
Deployment
Network Traffic Interrupted?
Inline with configurable bypass
(Configurable bypass option
enabled for inline sets)
enabled for inline sets)
Network traffic is interrupted at two points during the update:
At the beginning of the update process, traffic is briefly interrupted while link goes
down and up (flaps) and the network card switches into hardware bypass. Traffic is
not inspected during hardware bypass.
down and up (flaps) and the network card switches into hardware bypass. Traffic is
not inspected during hardware bypass.
After the update finishes, traffic is again briefly interrupted while link flaps and the
network card switches out of bypass. After the endpoints reconnect and reestablish
link with the sensor interfaces, traffic is inspected again.
network card switches out of bypass. After the endpoints reconnect and reestablish
link with the sensor interfaces, traffic is inspected again.
The configurable bypass option is not supported on virtual devices, Cisco NGIPS for
Blue Coat X-Series, Cisco ASA with FirePOWER Services, non-bypass NetMods on
8000 Series devices, or SFP transceivers on 71xx Family devices.
Blue Coat X-Series, Cisco ASA with FirePOWER Services, non-bypass NetMods on
8000 Series devices, or SFP transceivers on 71xx Family devices.
Inline
Network traffic is blocked throughout the update.
Passive
Network traffic is not interrupted, but also is not inspected during the update.