Cisco Cisco Firepower Management Center 2000
18
FireSIGHT System Release Notes
Installing the Update
To reactivate a grayed-out Apply button, edit any interface in the device configuration, then click Save without
making changes.
making changes.
17.
Reapply access control policies to all managed devices.
Caution:
Do not reapply your intrusion policies individually; you must reapply all access control policies completely.
Applying an access control policy may cause a short pause in traffic flow and processing, and may also cause a few
packets to pass uninspected. For more information, see the FireSIGHT System User Guide.
packets to pass uninspected. For more information, see the FireSIGHT System User Guide.
18.
If a patch later than Version 5.4.1.2 is available on the Support site, apply the latest patch as described in the
FireSIGHT System Release Notes for that version. You must update to the latest patch to take advantage of the latest
enhancements and security fixes.
FireSIGHT System Release Notes for that version. You must update to the latest patch to take advantage of the latest
enhancements and security fixes.
Updating Managed Devices, and ASA FirePOWER Modules, and Cisco NGIPS for
Blue Coat X-Series
Blue Coat X-Series
After you update your Defense Centers to Version 5.4.1.1, use them to update the devices they manage.
A Defense Center must be running at least Version 5.4 to update its managed devices to Version 5.4.0.3or Version
5.4.1.2. Because they do not have a web interface, you must use the Defense Center to update your virtual managed
devices, Cisco NGIPS for Blue Coat X-Series, and ASA FirePOWER modules.
5.4.1.2. Because they do not have a web interface, you must use the Defense Center to update your virtual managed
devices, Cisco NGIPS for Blue Coat X-Series, and ASA FirePOWER modules.
Updating managed devices is a two-step process. First, download the update from the Support site and upload it to the
managing Defense Center. Next, install the software. You can update multiple devices at once, but only if they use the
same update file.
managing Defense Center. Next, install the software. You can update multiple devices at once, but only if they use the
same update file.
For the Version 5.4.0.3 update, all devices reboot; Cisco NGIPS for Blue Coat X-Series VAP groups reload. Series 3
devices do not perform traffic inspection, switching, routing, NAT, VPN, or related functions during the update.
Depending on how your devices are configured and deployed, the update process may also affect traffic flow and link
state. For more information, see
devices do not perform traffic inspection, switching, routing, NAT, VPN, or related functions during the update.
Depending on how your devices are configured and deployed, the update process may also affect traffic flow and link
state. For more information, see
Caution:
Before you update a managed device, use its managing Defense Center to reapply the appropriate access
control policy to the managed device. Otherwise, the managed device update may fail.
Caution:
Do not reboot or shut down your appliances during the update until after you see the login prompt. The system
may appear inactive during the pre-checks portion of the update; this is expected behavior and does not require you to
reboot or shut down your appliances.
reboot or shut down your appliances.
Note:
If you plan on updating the system to Version 6.0, you must install the FireSIGHT System Version 6.0
Pre-Installation package prior to updating the Version 6.0. For more information, see the
Tip:
If your FireSIGHT Software for X-Series is deployed inline and you are using multi-member VAP groups, Cisco
recommends that you update the VAPs one at a time. This allows the other VAPs in the group to inspect network traffic
while the VAP that is being updated reloads. If you are using single-VAP VAP groups in an inline deployment, reloading
the VAP causes an interruption in network traffic. Make sure you plan the update for a maintenance window or other time
when it will have the least impact on your deployment.
while the VAP that is being updated reloads. If you are using single-VAP VAP groups in an inline deployment, reloading
the VAP causes an interruption in network traffic. Make sure you plan the update for a maintenance window or other time
when it will have the least impact on your deployment.
To update managed devices and ASA FirePOWER modules, and Cisco NGIPS for Blue Coat X-Series:
1.
Read these release notes and complete any required pre-update tasks.
Note
: Download the update directly from the Support site. If you transfer an update file by email, it may become
corrupted.
For more information, see
.
2.
Update the software on the devices’ managing Defense Center; see
3.
Download the update from the Support site: