Cisco Cisco Firepower Management Center 2000
2
Firepower System Release Notes
Important Update Notes
Running a Readiness Check via the Shell
You can run a readiness check via the shell on any appliance. The time to run the readiness check varies depending on your appliance model and
database size.
database size.
To run a readiness check via the shell:
1.
Install the Version 6.1 Pre-Installation package as described in
. You must be running the Version 6.1 Pre-Installation image in order to run the readiness check.
2.
Download the Version 6.1.0 update from the Support site.
Note:
Download the update directly from the Support site. If you transfer an update file by email, it may become corrupted.
3.
Upload the Version 6.1.0 update to the appliance.
4.
Redeploy configuration changes to any managed devices. Otherwise, the eventual update of the managed devices may fail.
5.
Access the shell via the command line interface for your appliance as a user with administrator privileges.
6.
At the prompt, run the readiness check as the root user, where updatefilename is the name of the update you downloaded:
sudo install_update.pl --readiness-check /var/sf/updates/updatefilename
7.
Monitor the progress of the readiness check in the command prompt window. When the readiness check completes, the system reports the
success or failure in the command prompt window.
success or failure in the command prompt window.
8.
Access the full readiness check report in /var/log/sf/$rpm_name/upgrade_readiness.
Pre-Update Configuration and Event Backups
Before you begin the update, Cisco strongly recommends that you back up current event and configuration data to an external location.
Use the Firepower Management Center to back up event and configuration data for itself and the devices it manages. For more information on the
backup and restore feature, see the Firepower Management Center Configuration Guide.
backup and restore feature, see the Firepower Management Center Configuration Guide.
Note:
The Firepower Management Center purges locally stored backups from previous updates. To retain archived backups, store the backups
externally.
Caution:
Updating the Firepower Management Center to Version 6.1 may delete or disable Classic licenses for managed NGIPSv, ASA
FirePOWER, 7000 Series, and 8000 Series devices. Before you begin the update, contact Support for a script you can run to prevent this issue.
If you do not run the script, after the update, use the Classic licenses page (System > Licenses > Classic Licenses) to check and reinstall any deleted
licenses. Use the Device Management page (Devices > Device Management) to edit Classic managed devices and reenable the appropriate licenses.
If you do not run the script, after the update, use the Classic licenses page (System > Licenses > Classic Licenses) to check and reinstall any deleted
licenses. Use the Device Management page (Devices > Device Management) to edit Classic managed devices and reenable the appropriate licenses.
Traffic Flow and Inspection During the Update
Because the update process may affect traffic inspection, traffic flow, and link state, Cisco strongly recommends you perform the update in a
maintenance window or at a time when the interruption will have the least impact on your deployment.
maintenance window or at a time when the interruption will have the least impact on your deployment.
The update process reboots managed devices. Depending on how your devices are configured and deployed, the following capabilities are affected:
traffic inspection, including application awareness and control, URL filtering, Security Intelligence, intrusion detection and prevention, and
connection logging
connection logging
traffic flow, including switching, routing, NAT, VPN, and related functionality
link state
Note:
When you update 7000 and 8000 Series devices or Firepower Threat Defense devices in a high availability pair, the system performs the
update one device at a time to avoid traffic interruption.