Cisco Cisco Firepower Management Center 2000

FireSIGHT System Release Notes

Installing the Update

Review and accept the End User License Agreement (EULA). Note that you are logged out of the appliance if you do not accept the 
EULA.

Select Help > About and confirm that the software version is listed correctly: Version 5.4.1.8. Also note the versions of the rule update 
and VDB on the Defense Center; you will need this information later.

Verify that the appliances in your deployment are successfully communicating and that there are no issues reported by the health 
monitor.

If the rule update available on the Support site is newer than the rules on your Defense Center, import the newer rules. Do not 
auto-apply the imported rules at this time.

For information on rule updates, see the FireSIGHT System User Guide.

If the VDB available on the Support site is newer than the VDB on your Defense Center, install the latest VDB.

Installing a VDB update causes a short pause in traffic flow and processing, and may also cause a few packets to pass uninspected. For 
more information, see the FireSIGHT System User Guide.

Reapply device configurations to all managed devices.

To reactivate a grayed-out Apply button, edit any interface in the device configuration, then click Save without making changes.

Reapply access control policies to all managed devices.

 Do not reapply your intrusion policies individually; you must reapply all access control policies completely.

When you apply an access control policy, resource demands may result in a small number of packets dropping without inspection. 
Additionally, applying some configurations requires the Snort process to restart, which interrupts traffic inspection. Whether traffic 
drops during this interruption or passes without further inspection depends on the model of the managed device and how it handles 
traffic. For more information, see the Configurations that Restart the Snort Process section of the FireSIGHT System User Guide.

If a patch for Version 5.4.1.8 is available on the Support site, apply the latest patch as described in the FireSIGHT System Release Notes 
for that version. You must update to the latest patch to take advantage of the latest enhancements and security fixes.

Updating Managed Devices

After you update your Defense Centers to Version 5.4, Version 5.4.1, or Version 5.4.1.8, use them to update the devices they manage.

A Defense Center must be running at least Version 5.4 to update its managed devices to Version 5.4.1.8. Because they do not have a web 
interface, you must use the Defense Center to update your virtual managed devices, and ASA FirePOWER modules.

Updating managed devices is a two-step process. First, download the update from the Support site and upload it to the managing Defense 
Center. Next, install the software. You can update multiple devices at once, but only if they use the same update file.

When you updated clustered Cisco ASA with FirePOWER Services apply the update one device at a time and allow the update to complete 
before updating the second device.

Before you update an ASA FirePOWER module, set the device clock to the correct time. If an ASA device clock is set to the incorrect time 
before updating, the Access Control Licensing page does not load.

For the Version 5.4.0.9 update, all devices reboot. Series 3 devices do not perform traffic inspection, switching, routing, NAT, VPN, or 
related functions during the update. Depending on how your devices are configured and deployed, the update process may also affect traffic 
flow and link state. For more information, see 

.

 Before you update a managed device, use its managing Defense Center to reapply the appropriate access control policy to the 

managed device. Otherwise, the managed device update may fail.