Cisco Cisco Firepower Management Center 2000
Firepower System Release Notes
Uninstalling the Update
21
Caution:
After updating the system to Version 6.0.0.1, you
must
download and install
Sourcefire_hotfix_6.0.0-k-build_3.tar
from the Support site. If you do not install
Sourcefire_hotfix_6.0.0-k-build_3.tar
after updating to Version 6.0.0.1, the Firepower Management Center
fails to update access control rules referencing intrusion policies containing shared objects rules with the
generator ID (GID) of 3 even though the Message center displays the deploy successful.
generator ID (GID) of 3 even though the Message center displays the deploy successful.
Caution:
When using URL Filtering with
Retry URL cache miss lookup
enabled to allow URL retry, the system delays
packets for URLs that have not been previously seen by the firewall while the URL category and reputation
are determined so URL filtering rules can be resolved. Until the lookup of the URL category and reputation is
completed, or the lookup request times out, in inline, routed, or transparent deployments the packet will be
held at the firewall. If a two second time limit is reached without the category and reputation determination
completing the URL category
are determined so URL filtering rules can be resolved. Until the lookup of the URL category and reputation is
completed, or the lookup request times out, in inline, routed, or transparent deployments the packet will be
held at the firewall. If a two second time limit is reached without the category and reputation determination
completing the URL category
Uncategorized
is used with no reputation, and rule evaluation proceeds. URL
category determination can introduce up to two seconds of delay in packet delivery, depending on local
network conditions. If such delay is not acceptable, URL retry should be disabled. Note that with URL retry
disabled, URL filtering may not be effective until such time as URL category and reputation determination
completes for each URL. Until that time, packets that would have been filtered based on the URL’s category
or reputation will be filtered based on the
network conditions. If such delay is not acceptable, URL retry should be disabled. Note that with URL retry
disabled, URL filtering may not be effective until such time as URL category and reputation determination
completes for each URL. Until that time, packets that would have been filtered based on the URL’s category
or reputation will be filtered based on the
Uncategorized
category. To disable URL retry, clear the
Retry URL cache
miss lookup
option in the General advanced settings of the access control policy (
Policies > Access Control > Access
Control > edit policy > Advanced > edit General Settings
). Note that this option is enabled and URL retry is allowed by
default.
Uninstalling the Update
We will need a section for uninstalling the update from the MDC when that comes back. Enhancement: add section
for uninstalling from DCs via the shell
for uninstalling from DCs via the shell
The following sections help you uninstall the Version 6.0.0.1 update from your appliances:
Planning the Uninstallation
Before you uninstall the update, you must thoroughly read and understand the following sections.
Uninstallation Method
You must uninstall updates locally. You cannot use a Firepower Management Center to uninstall the update from
a managed device.
a managed device.
For all physical appliances and virtual Firepower Management Centers, uninstall the update using the local web
interface. Because virtual managed devices do not have a web interface, you must use the bash shell to uninstall
the update.
interface. Because virtual managed devices do not have a web interface, you must use the bash shell to uninstall
the update.
Order of Uninstallation
Uninstall the update in the reverse order that you installed it. That is, first uninstall the update from managed
devices, then from Firepower Management Centers.
devices, then from Firepower Management Centers.