Cisco Cisco Firepower Management Center 2000 Notas de publicación

FireSIGHT System Release Notes

Before You Begin: Important Update and Compatibility Notes

The following table provides details on how traffic flow, inspection, and link state are affected during the update, depending on your 
deployment. Note that regardless of how you configured any inline sets, switching, routing, NAT, and VPN are not performed during the 
update process.

Series 3 devices do not perform switching, routing, NAT, VPN, or related functions during the update. If you configured your devices to 
perform only switching and routing, network traffic is blocked throughout the update.

Audit Logging During the Update

When updating appliances that have a web interface, after the system completes its pre-update tasks and the streamlined update interface 
page appears, login attempts to the appliance are not reflected in the audit log until the update process is complete and the appliance reboots.

Version Requirements for Updating to Version 5.4.0.6 and Version 5.4.1.5

To update to Version 5.4.1.5, a Defense Center must be running at least Version 5.4. Defense Centers running Version 5.4.1.1 can manage 
devices running Version 5.4.0.6 and Version 5.4.1.5. If you are running an earlier version, you can obtain updates from the Support site.

A Defense Center must be running at least Version 5.4 to update its managed devices to Version 5.4.1.5.

The closer your device’s or ASA module’s current version to the release version (Version 5.4.0.6 or Version 5.4.1.5), the less time the update 
takes.

 BIOs Version 2.0.1b must be running on DC2000 and DC4000 in order to update to your appliances to Version 5.4.1.1 or later. If 

updating your appliances fails due to an earlier BIOs version running on your DC2000 or DC4000, contact Support. 

 If you plan on updating the system to Version 6.0, you must install the FireSIGHT System Version 6.0 Pre-Installation package prior 

to updating the Version 6.0. For more information, see the 

Time and Disk Space Requirements for Updating to Version 5.4.0.6 and Version 5.4.1.5

The table below provides disk space and time guidelines for the Version 5.4.0.6 and Version 5.4.1.5 update. Note that when you use the 
Defense Center to update a managed device, the Defense Center requires additional disk space on its /Volume partition.

 Do not restart the update or reboot your appliance at any time during the update process. Cisco provides time estimates as a guide, 

but actual update times vary depending on the appliance model, deployment, and configuration. Note that the system may appear inactive 
during the pre-checks portion of the update and after rebooting; this is expected behavior. 

Deployment

Network Traffic Interrupted?

Inline with configurable bypass

(Configurable bypass option 
enabled for inline sets)

Network traffic is interrupted at two points during the update:



At the beginning of the update process, traffic is briefly interrupted while link goes down and up 
(flaps) and the network card switches into hardware bypass. Traffic is not inspected during 
hardware bypass.



After the update finishes, traffic is again briefly interrupted while link flaps and the network card 
switches out of bypass. After the endpoints reconnect and reestablish link with the sensor 
interfaces, traffic is inspected again. 

The configurable bypass option is not supported on virtual devices, , Cisco ASA with FirePOWER 
Services, non-bypass NetMods on 8000 Series devices, or SFP transceivers on 71xx Family 
devices.

Inline

Network traffic is blocked throughout the update.

Passive

Network traffic is not interrupted, but also is not inspected during the update.