Cisco Cisco Firepower Management Center 2000 Notas de publicación
10
FireSIGHT System Release Notes
Before You Begin: Important Update and Compatibility Notes
The following table provides details on how traffic flow, inspection, and link state are affected during the update, depending on your
deployment. Note that regardless of how you configured any inline sets, switching, routing, NAT, and VPN are not performed during the
update process.
deployment. Note that regardless of how you configured any inline sets, switching, routing, NAT, and VPN are not performed during the
update process.
Switching and Routing
Series 3 devices do not perform switching, routing, NAT, VPN, or related functions during the update. If you configured your devices to
perform only switching and routing, network traffic is blocked throughout the update.
perform only switching and routing, network traffic is blocked throughout the update.
Audit Logging During the Update
When updating appliances that have a web interface, after the system completes its pre-update tasks and the streamlined update interface
page appears, login attempts to the appliance are not reflected in the audit log until the update process is complete and the appliance reboots.
page appears, login attempts to the appliance are not reflected in the audit log until the update process is complete and the appliance reboots.
Version Requirements for Updating to Version 5.4.0.6 and Version 5.4.1.5
To update to Version 5.4.1.5, a Defense Center must be running at least Version 5.4. Defense Centers running Version 5.4.1.1 can manage
devices running Version 5.4.0.6 and Version 5.4.1.5. If you are running an earlier version, you can obtain updates from the Support site.
devices running Version 5.4.0.6 and Version 5.4.1.5. If you are running an earlier version, you can obtain updates from the Support site.
A Defense Center must be running at least Version 5.4 to update its managed devices to Version 5.4.1.5.
The closer your device’s or ASA module’s current version to the release version (Version 5.4.0.6 or Version 5.4.1.5), the less time the update
takes.
takes.
Caution:
BIOs Version 2.0.1b must be running on DC2000 and DC4000 in order to update to your appliances to Version 5.4.1.1 or later. If
updating your appliances fails due to an earlier BIOs version running on your DC2000 or DC4000, contact Support.
Note:
If you plan on updating the system to Version 6.0, you must install the FireSIGHT System Version 6.0 Pre-Installation package prior
to updating the Version 6.0. For more information, see the
Time and Disk Space Requirements for Updating to Version 5.4.0.6 and Version 5.4.1.5
The table below provides disk space and time guidelines for the Version 5.4.0.6 and Version 5.4.1.5 update. Note that when you use the
Defense Center to update a managed device, the Defense Center requires additional disk space on its /Volume partition.
Defense Center to update a managed device, the Defense Center requires additional disk space on its /Volume partition.
Caution:
Do not restart the update or reboot your appliance at any time during the update process. Cisco provides time estimates as a guide,
but actual update times vary depending on the appliance model, deployment, and configuration. Note that the system may appear inactive
during the pre-checks portion of the update and after rebooting; this is expected behavior.
during the pre-checks portion of the update and after rebooting; this is expected behavior.
Table 2
Network Traffic Interruptions
Deployment
Network Traffic Interrupted?
Inline with configurable bypass
(Configurable bypass option
enabled for inline sets)
enabled for inline sets)
Network traffic is interrupted at two points during the update:
At the beginning of the update process, traffic is briefly interrupted while link goes down and up
(flaps) and the network card switches into hardware bypass. Traffic is not inspected during
hardware bypass.
(flaps) and the network card switches into hardware bypass. Traffic is not inspected during
hardware bypass.
After the update finishes, traffic is again briefly interrupted while link flaps and the network card
switches out of bypass. After the endpoints reconnect and reestablish link with the sensor
interfaces, traffic is inspected again.
switches out of bypass. After the endpoints reconnect and reestablish link with the sensor
interfaces, traffic is inspected again.
The configurable bypass option is not supported on virtual devices, , Cisco ASA with FirePOWER
Services, non-bypass NetMods on 8000 Series devices, or SFP transceivers on 71xx Family
devices.
Services, non-bypass NetMods on 8000 Series devices, or SFP transceivers on 71xx Family
devices.
Inline
Network traffic is blocked throughout the update.
Passive
Network traffic is not interrupted, but also is not inspected during the update.