Cisco Firepower Management Center 2000

Version 5.3
Sourcefire 3D System Release Notes
Before You Begin: Important Update and Compatibility Notes
Note that when you update clustered devices, the system performs the update 
one device at a time to avoid traffic interruption.
Traffic Inspection and Link State
In an inline deployment, your managed devices (depending on model) can affect 
traffic flow via application control, user control, URL filtering, Security 
Intelligence, and intrusion prevention, as well as switching, routing, NAT, and 
VPN. In a passive deployment, you can perform intrusion detection and collect 
discovery data without affecting network traffic flow. For more information on 
appliance capabilities, see the Sourcefire 3D System Installation Guide.
The following table provides details on how traffic flow, inspection, and link state 
are affected during the update, depending on your deployment. Note that 
regardless of how you configured any inline sets, switching, routing, NAT, and 
VPN are not performed during the update process. 
Switching and Routing
Managed devices do not perform switching, routing, NAT, VPN, or related 
functions during the update. If you configured your devices to perform only 
switching and routing, network traffic is blocked throughout the update.
Audit Logging During the Update
When updating appliances that have a web interface, after the Sourcefire 3D 
System completes its pre-update tasks and the streamlined update interface 
page appears, login attempts to the appliance are not reflected in the audit log 
until the update process is complete and the appliance reboots.
Network Traffic Interruption

Deployment: Inline with configurable bypass (Configurable bypass option
enabled for inline sets)
Network traffic interrupted? Network traffic is interrupted at two points
during the update:
• At the beginning of the update process, traffic is briefly interrupted while 
link goes down and up (flaps) and the network card switches into hardware 
bypass. Traffic is not inspected during hardware bypass.
• After the update finishes, traffic is again briefly interrupted while link flaps 
and the network card switches out of bypass. After the endpoints reconnect 
and reestablish link with the sensor interfaces, traffic is inspected again. 
IMPORTANT! The configurable bypass option is not supported on virtual 
devices, non-bypass NetMods on 8000 Series devices, or SFP transceivers on 
71xx Family devices.

Deployment: Inline
Network traffic interrupted? Network traffic is blocked throughout the update.

Deployment: Passive
Network traffic interrupted? Network traffic is not interrupted, but also is
not inspected during the update.