Cisco Cisco Firepower Management Center 4000
53-2
FireSIGHT System User Guide
Chapter 53 Updating System Software
Performing Software Updates
Note that while you can uninstall patches and other minor updates to the FireSIGHT System, you cannot
uninstall major updates or return to previous versions of the VDB, GeoDB, or intrusion rules. If you
updated your appliance to a new major version of the FireSIGHT System, and you need to revert to an
older version, contact Support.
uninstall major updates or return to previous versions of the VDB, GeoDB, or intrusion rules. If you
updated your appliance to a new major version of the FireSIGHT System, and you need to revert to an
older version, contact Support.
Performing Software Updates
License:
Any
There are a few basic steps to updating your FireSIGHT System deployment. First, you must prepare for
the update, including reading the release notes and completing any required pre-update tasks. Then, you
can begin the update — first update your Defense Centers, then the devices they manage. You must
monitor the update’s progress until it completes, then verify the update’s success. Finally, complete any
required post-update steps.
the update, including reading the release notes and completing any required pre-update tasks. Then, you
can begin the update — first update your Defense Centers, then the devices they manage. You must
monitor the update’s progress until it completes, then verify the update’s success. Finally, complete any
required post-update steps.
For more information, see the following sections:
•
•
•
•
Table 53-1
FireSIGHT System Update Types
Update Type
Description
Schedule?
Uninstall?
patches to the FireSIGHT
System
System
Patches include a limited range of fixes (and usually change the
fourth digit in the version number; for example, 5.0.0.1).
fourth digit in the version number; for example, 5.0.0.1).
yes
yes
feature updates to the
FireSIGHT System
FireSIGHT System
Feature updates are more comprehensive than patches and
generally include new features (and usually change the third digit
in the version number; for example, 5.0.1).
generally include new features (and usually change the third digit
in the version number; for example, 5.0.1).
yes
yes
major updates (major and
minor version releases) to
the FireSIGHT System
minor version releases) to
the FireSIGHT System
Major updates, sometimes referred to as upgrades, include new
features and functionality and may entail large-scale changes to the
product (and usually change the first or second digit in the version
number; for example, 5.2 or 5.3).
features and functionality and may entail large-scale changes to the
product (and usually change the first or second digit in the version
number; for example, 5.2 or 5.3).
no
no
VDB
VDB updates affect the vulnerabilities reported by the FireSIGHT
System as well as the detected operating systems, applications, and
clients.
System as well as the detected operating systems, applications, and
clients.
yes
no
intrusion rules
Intrusion rule updates provide new and updated intrusion rules and
preprocessor rules, modified states for existing rules, and modified
default intrusion policy settings. Rule updates may also delete
rules, provide new rule categories and default variables, and
modify default variable values.
preprocessor rules, modified states for existing rules, and modified
default intrusion policy settings. Rule updates may also delete
rules, provide new rule categories and default variables, and
modify default variable values.
yes
no
geolocation database
(GeoDB)
(GeoDB)
GeoDB updates provide updated information on physical
locations, connection types, and so on that your system can
associate with detected routable IP addresses. You can use
geolocation data as a condition in access control rules. You must
install the GeoDB to view geolocation details.
locations, connection types, and so on that your system can
associate with detected routable IP addresses. You can use
geolocation data as a condition in access control rules. You must
install the GeoDB to view geolocation details.
The DC500 Defense Center does not support this feature.
yes
no