Cisco Cisco Firepower Management Center 2000

18

FireSIGHT System Release Notes

Installing the Update

To reactivate a grayed-out Apply button, edit any interface in the device configuration, then click Save without 
making changes.

Reapply access control policies to all managed devices.

 Do not reapply your intrusion policies individually; you must reapply all access control policies completely.

Applying an access control policy may cause a short pause in traffic flow and processing, and may also cause a few 
packets to pass uninspected. For more information, see the FireSIGHT System User Guide.

If a patch later than Version 5.4.1.2 is available on the Support site, apply the latest patch as described in the 
FireSIGHT System Release Notes for that version. You must update to the latest patch to take advantage of the latest 
enhancements and security fixes.

Updating Managed Devices, and ASA FirePOWER Modules, and Cisco NGIPS for 
Blue Coat X-Series

After you update your Defense Centers to Version 5.4.1.1, use them to update the devices they manage.

A Defense Center must be running at least Version 5.4 to update its managed devices to Version 5.4.0.3or Version 
5.4.1.2. Because they do not have a web interface, you must use the Defense Center to update your virtual managed 
devices, Cisco NGIPS for Blue Coat X-Series, and ASA FirePOWER modules.

Updating managed devices is a two-step process. First, download the update from the Support site and upload it to the 
managing Defense Center. Next, install the software. You can update multiple devices at once, but only if they use the 
same update file.

For the Version 5.4.0.3 update, all devices reboot; Cisco NGIPS for Blue Coat X-Series VAP groups reload. Series 3 
devices do not perform traffic inspection, switching, routing, NAT, VPN, or related functions during the update. 
Depending on how your devices are configured and deployed, the update process may also affect traffic flow and link 
state. For more information, see 

 Before you update a managed device, use its managing Defense Center to reapply the appropriate access 

control policy to the managed device. Otherwise, the managed device update may fail.

 Do not reboot or shut down your appliances during the update until after you see the login prompt. The system 

may appear inactive during the pre-checks portion of the update; this is expected behavior and does not require you to 
reboot or shut down your appliances.

 If you plan on updating the system to Version 6.0, you must install the FireSIGHT System Version 6.0 

Pre-Installation package prior to updating the Version 6.0. For more information, see the 

If your FireSIGHT Software for X-Series is deployed inline and you are using multi-member VAP groups, Cisco 

recommends that you update the VAPs one at a time. This allows the other VAPs in the group to inspect network traffic 
while the VAP that is being updated reloads. If you are using single-VAP VAP groups in an inline deployment, reloading 
the VAP causes an interruption in network traffic. Make sure you plan the update for a maintenance window or other time 
when it will have the least impact on your deployment.

Read these release notes and complete any required pre-update tasks.

: Download the update directly from the Support site. If you transfer an update file by email, it may become 

corrupted. 

For more information, see 

.

Update the software on the devices’ managing Defense Center; see 

Download the update from the Support site: