Cisco Firepower Management Center 2000
FireSIGHT System Release Notes
Installing the Update
12. Select Help > About and confirm that the software version is listed correctly: Version 5.4.1.5. Also note the versions of the rule update and VDB on the Defense Center; you will need this information later.
13. Verify that the appliances in your deployment are successfully communicating and that there are no issues reported by the health monitor.
14. If the rule update available on the Support site is newer than the rules on your Defense Center, import the newer rules. Do not auto-apply the imported rules at this time.
For information on rule updates, see the FireSIGHT System User Guide.
15. If the VDB available on the Support site is newer than the VDB on your Defense Center, install the latest VDB.
Installing a VDB update causes a short pause in traffic flow and processing, and may also cause a few packets to pass uninspected. For more information, see the FireSIGHT System User Guide.
16. Reapply device configurations to all managed devices.
To reactivate a grayed-out Apply button, edit any interface in the device configuration, then click Save without making changes.
17. Reapply access control policies to all managed devices.
Caution: Do not reapply your intrusion policies individually; you must reapply all access control policies completely.
Applying an access control policy may cause a short pause in traffic flow and processing, and may also cause a few packets to pass uninspected. For more information, see the FireSIGHT System User Guide.
18. If a patch for Version 5.4.1.5 is available on the Support site, apply the latest patch as described in the FireSIGHT System Release Notes for that version. You must update to the latest patch to take advantage of the latest enhancements and security fixes.
Preventing URL Cache Miss Lookup Retries
Version 5.4.1.5 introduces the ability to control system retry of URL cache miss lookups. URL category determination can introduce up to two seconds of delay in packet delivery, depending on local network conditions. If such delay is not acceptable, URL retry should not be allowed.
The system allows URL retry under either of the following conditions: you use URL Filtering with the Do not retry URL cache miss lookup option disabled (the default), or you use URL Filtering with managed devices running Version 5.4.0.2, 5.4.0.3, 5.4.0.4, or 5.4.0.5, or Version 5.4.1, 5.4.1.1, 5.4.1.2, 5.4.1.3, or 5.4.1.4, while managing them from a Defense Center running Version 5.4.1.5 or later (devices running those versions cannot disable URL retry).
When you allow URL retry, the system delays packets for URLs that the firewall has not previously seen while the URL category and reputation are determined, so that URL filtering rules can be resolved. In inline, routed, or transparent deployments the packet is held at the firewall until the lookup of the URL category and reputation completes or the lookup request times out. If the two second time limit is reached without the category and reputation determination completing, the URL category Uncategorized is used with no reputation, and rule evaluation proceeds.
Note that without URL retry, URL filtering may not be effective until category and reputation determination completes for each URL. Until that time, packets that would have been filtered based on the URL's category or reputation are instead evaluated against the Uncategorized category, so the first packets to a newly seen URL can match only rules that cover Uncategorized.
If you want to disable URL retry and you are using a Defense Center running Version 5.4.1.5 or later to manage devices running Version 5.4.0.2, 5.4.0.3, 5.4.0.4, or 5.4.0.5, or Version 5.4.1, 5.4.1.1, 5.4.1.2, 5.4.1.3, or 5.4.1.4, you must first update the devices to Version 5.4.0.6 or later or Version 5.4.1.5 or later, then disable URL retry as described below and reapply the access control policy.
To disable URL retry on managed devices running Version 5.4.0.6 or later or Version 5.4.1.5 or later, check the Do not retry URL cache miss lookup option in the General advanced settings of the access control policy (Policies > Access Control > edit policy > Advanced > edit General Settings) and reapply the access control policy to the device. Note that this option is unchecked and URL retry is allowed by default.