Cisco Cisco Firepower Management Center 2000 Release Notes
Firepower System Release Notes
Installing the Update
17
Caution:
Do not use the web interface to perform any other tasks until the update completes and the
Firepower Management Center reboots. Before the update completes, the web interface may become
unavailable and the Firepower Management Center may log you out. This is expected behavior; log in again
to view the task queue. If the update is still running, do not use the web interface until the update completes.
If you encounter issues with the update (for example, if the task queue indicates that the update has failed or
if a manual refresh of the task queue shows no progress for several minutes), do not restart the update.
Instead, contact Support.
unavailable and the Firepower Management Center may log you out. This is expected behavior; log in again
to view the task queue. If the update is still running, do not use the web interface until the update completes.
If you encounter issues with the update (for example, if the task queue indicates that the update has failed or
if a manual refresh of the task queue shows no progress for several minutes), do not restart the update.
Instead, contact Support.
Step 9
After the update finishes, clear your browser cache and force a reload of the browser. Otherwise, the user
interface may exhibit unexpected behavior.
interface may exhibit unexpected behavior.
Step 10
Log into the Firepower Management Center.
Step 11
Review and accept the End User License Agreement (EULA). Note that you are logged out of the
appliance if you do not accept the EULA.
appliance if you do not accept the EULA.
Step 12
Select Help > About and confirm that the software version is listed correctly: Version 6.0.0.1. Also note
the versions of the intrusion rule update and VDB on the Firepower Management Center; you will need
this information later.
the versions of the intrusion rule update and VDB on the Firepower Management Center; you will need
this information later.
Step 13
Verify that the appliances in your deployment are successfully communicating and that there are no
issues reported by the health monitor.
issues reported by the health monitor.
Step 14
If the rule update available on the Support site is newer than the rules on your Firepower Management
Center, import the newer rules. Do not auto-apply the imported rules at this time.
Center, import the newer rules. Do not auto-apply the imported rules at this time.
For information on rule updates, see the Firepower Management Center Configuration Guide.
Step 15
If the VDB available on the Support site is newer than the VDB on your Firepower Management Center,
install the latest VDB.
install the latest VDB.
Installing a VDB update causes a short pause in traffic flow and processing, and may also cause a few packets
to pass uninspected. For more information, see the Firepower Management Center Configuration Guide.
to pass uninspected. For more information, see the Firepower Management Center Configuration Guide.
Step 16
Redeploy your configurations to all managed devices.
Deployment may cause a short pause in traffic flow and processing, and may also cause a few packets to pass
uninspected. For more information, see the Firepower Management Center Configuration Guide.
uninspected. For more information, see the Firepower Management Center Configuration Guide.
Step 17
If a patch for Version 6.0.0.1 is available on the Support site, apply the latest patch as described for that
version.
version.
You must update to the latest patch to take advantage of the latest enhancements and security fixes.
Caution:
After updating the system to Version 6.0.0.1, you
must
download and install
Sourcefire_hotfix_6.0.0-k-build_3.tar
from the Support site. If you do not install
Sourcefire_hotfix_6.0.0-k-build_3.tar
after updating to Version 6.0.0.1, the Firepower Management Center
fails to update access control rules referencing intrusion policies containing shared objects rules with the
generator ID (GID) of 3 even though the Message center displays the deploy successful.
generator ID (GID) of 3 even though the Message center displays the deploy successful.
Caution:
When using URL Filtering with
Retry URL cache miss lookup
enabled to allow URL retry, the system delays
packets for URLs that have not been previously seen by the firewall while the URL category and reputation
are determined so URL filtering rules can be resolved. Until the lookup of the URL category and reputation is
completed, or the lookup request times out, in inline, routed, or transparent deployments the packet will be
held at the firewall. If a two second time limit is reached without the category and reputation determination
completing the URL category
are determined so URL filtering rules can be resolved. Until the lookup of the URL category and reputation is
completed, or the lookup request times out, in inline, routed, or transparent deployments the packet will be
held at the firewall. If a two second time limit is reached without the category and reputation determination
completing the URL category
Uncategorized
is used with no reputation, and rule evaluation proceeds. URL
category determination can introduce up to two seconds of delay in packet delivery, depending on local
network conditions. If such delay is not acceptable, URL retry should be disabled. Note that with URL retry
disabled, URL filtering may not be effective until such time as URL category and reputation determination
completes for each URL. Until that time, packets that would have been filtered based on the URL’s category
or reputation will be filtered based on the
network conditions. If such delay is not acceptable, URL retry should be disabled. Note that with URL retry
disabled, URL filtering may not be effective until such time as URL category and reputation determination
completes for each URL. Until that time, packets that would have been filtered based on the URL’s category
or reputation will be filtered based on the
Uncategorized
category. To disable URL retry, clear the
Retry URL cache