Cisco Cisco Firepower Management Center 2000
Firepower System Release Notes
Installing the Update
20
Caution:
Although the configuration options for Firepower Management Center high availability appear in the
Integration page of the user interface, high availability is not supported for Firepower Management Centers
in Version 6.0.1. Do not attempt to place Firepower Management Centers into high availability.
in Version 6.0.1. Do not attempt to place Firepower Management Centers into high availability.
Updating Managed Devices and ASA Firepower modules
After you update your Firepower Management Centers to Version 6.0.1, use them to update the devices they
manage.
manage.
You must use a Firepower Management Center running Version 6.0 to update any managed device that does not
have its own web interface. For ASA Firepower modules running on the ASA 5506-X, ASA 5506H-X, ASA
5506W-X, ASA 5508-X, or ASA 5516-X, you can update the module using the Firepower Management Center or
connect to the ASA device and update the ASA Firepower module using local management via ASDM. For more
information see the Cisco ASA with FirePOWER Services Local Management Release Notes.
have its own web interface. For ASA Firepower modules running on the ASA 5506-X, ASA 5506H-X, ASA
5506W-X, ASA 5508-X, or ASA 5516-X, you can update the module using the Firepower Management Center or
connect to the ASA device and update the ASA Firepower module using local management via ASDM. For more
information see the Cisco ASA with FirePOWER Services Local Management Release Notes.
Updating managed devices is a two-step process. First, download the update from the Support site and upload
it to the managing Firepower Management Center. Next, install the software. You can update multiple devices at
once, but only if they use the same update file.
it to the managing Firepower Management Center. Next, install the software. You can update multiple devices at
once, but only if they use the same update file.
When you update clustered Cisco ASA with FirePOWER Services, apply the update one device at a time, allowing
the update to complete before updating the second device.
the update to complete before updating the second device.
For the Version 6.0.1 update, all devices reboot. 7000 Series and 8000 Series devices do not perform traffic
inspection, switching, routing, NAT, VPN, or related functions during the update and devices running Firepower
Threat Defense do not perform VPN functions. Depending on how your devices are configured and deployed, the
update process may also affect traffic flow and link state. For more information, see
inspection, switching, routing, NAT, VPN, or related functions during the update and devices running Firepower
Threat Defense do not perform VPN functions. Depending on how your devices are configured and deployed, the
update process may also affect traffic flow and link state. For more information, see
.
Firepower Threat Defense is new for the Version 6.0 Firepower System. You can reimage your Cisco ASA with
FirePOWER Services to use Firepower Threat Defense, or you can reimage Cisco ASA devices with Firepower
Threat Defense to a supported ASA version. For information about installing a Version 6.0.1 Firepower Threat
Defense image on supported ASA models, see the Cisco Firepower Threat Defense Quick Start Guide.
FirePOWER Services to use Firepower Threat Defense, or you can reimage Cisco ASA devices with Firepower
Threat Defense to a supported ASA version. For information about installing a Version 6.0.1 Firepower Threat
Defense image on supported ASA models, see the Cisco Firepower Threat Defense Quick Start Guide.
Caution:
Before you update a managed device, use its managing Firepower Management Center to redeploy
your configuration to the managed device. Otherwise, the managed device update may fail.
Caution:
Installing an update and deploying configurations can interrupt traffic inspection due to Snort
restarts and system restarts. How these interruptions affect traffic depends on the model of the managed
device and how it handles traffic. For more information, see
device and how it handles traffic. For more information, see
Caution:
Do not reboot or shut down your appliances during the update until after you see the login prompt.
The system may appear inactive during the pre-checks portion of the update; this is expected behavior and
does not require you to reboot or shut down your appliances.
does not require you to reboot or shut down your appliances.
To update managed devices and ASA Firepower modules:
Step 1
Read these release notes and complete any required pre-update tasks.
For more information, see
Step 2
Update the software on the devices’ managing Firepower Management Center; see
Step 3
Download the update from the Support site:
for 7000 Series and 8000 Series managed devices:
Sourcefire_3D_Device_S3_Patch-6.0.1-29.sh
for virtual managed devices: