Cisco Cisco Firepower Management Center 2000
Firepower System Release Notes
Before You Begin: Important Update and Compatibility Notes
Switching and Routing
Firepower 7000 Series and 8000 Series managed devices do not perform switching, routing, NAT, VPN, or related
functions during the update. If you configured your devices to perform only switching and routing, network traffic is
blocked throughout the update.
functions during the update. If you configured your devices to perform only switching and routing, network traffic is
blocked throughout the update.
Audit Logging During the Update
When updating appliances that have a web interface, after the system completes its pre-update tasks and the
streamlined update interface page appears, login attempts to the appliance are not reflected in the audit log until the
update process is complete and the appliance reboots.
streamlined update interface page appears, login attempts to the appliance are not reflected in the audit log until the
update process is complete and the appliance reboots.
Time and Disk Space Requirements for Updating to Version 6.0
The table below provides disk space and time guidelines for the Version 6.0 update. Note that when you use the
Firepower Management Center to update a managed device, the Firepower Management Center requires additional disk
space on its
Firepower Management Center to update a managed device, the Firepower Management Center requires additional disk
space on its
/Volume
partition.
Caution:
Do not restart the update or reboot your appliance at any time during the update process. Cisco provides
time estimates as a guide, but actual update times vary depending on the appliance model, deployment, and
configuration. Note that the system may appear inactive during the pre-checks portion of the update and after
rebooting; this is expected behavior.
configuration. Note that the system may appear inactive during the pre-checks portion of the update and after
rebooting; this is expected behavior.
The reboot portion of the update includes a database check. If errors are found during the database check, the update
requires additional time to complete. System daemons that interact with the database do not run during the database
check and repair.
requires additional time to complete. System daemons that interact with the database do not run during the database
check and repair.
Note:
The closer your appliance’s current version to the release version (Version 6.0), the less time the update takes.
Table 2-4 Network Traffic Interruptions
On this managed device
model...
model...
Configured as...
Traffic during restart is...
7000 Series, 8000 Series, and
NGIPSv
NGIPSv
Inline with Failsafe enabled or
disabled, or inline tap mode
disabled, or inline tap mode
Passed without inspection (a
few packets might drop if
Failsafe is disabled and Snort is
busy but not down)
few packets might drop if
Failsafe is disabled and Snort is
busy but not down)
Passive
Uninterrupted and not inspected
7000 Series and 8000 Series
Routed, switched, or
transparent
transparent
Dropped
Cisco ASA with FirePOWER
Services
Services
Routed or transparent with
fail-open (Permit Traffic)
fail-open (Permit Traffic)
Passed without inspection
Routed or transparent with
fail-close (Close Traffic)
fail-close (Close Traffic)
Dropped