Cisco Cisco Firepower Management Center 2000 Notas de publicación
19
FireSIGHT System Release Notes
Installing the Update
Cisco_Network_Sensor_Upgrade-5.4.1.5-22.sh
4.
Upload the update to the Defense Center by selecting System > Updates, then clicking Upload Update on the Product Updates tab.
Browse to the update and click Upload.
Browse to the update and click Upload.
The update is uploaded to the Defense Center. The web interface shows the type of update you uploaded, its version number, and the
date and time it was generated. The page also indicates whether a reboot is required as part of the update.
date and time it was generated. The page also indicates whether a reboot is required as part of the update.
5.
Make sure that the appliances in your deployment are successfully communicating and that there are no issues reported by the health
monitor.
monitor.
6.
Click the install icon next to the update you are installing.
7.
Select the devices where you want to install the update.
If you are updating a stacked pair, selecting one member of the pair automatically selects the other. You must update members of a
stacked pair together.
stacked pair together.
8.
Click Install. Confirm that you want to install the update and reboot the devices.
9.
The update process begins. You can monitor the update's progress in the Defense Center’s task queue (System > Monitoring > Task
Status).
Status).
Note that managed devices may reboot twice during the update; this is expected behavior.
Caution:
If you encounter issues with the update (for example, if the task queue indicates that the update has failed or if a manual
refresh of the task queue shows no progress for several minutes), do not restart the update. Instead, contact Support.
10.
Select Devices > Device Management and confirm that the devices you updated have the correct software version: Version 5.4.0.6.
11.
Verify that the appliances in your deployment are successfully communicating and that there are no issues reported by the health
monitor.
monitor.
12.
Reapply device configurations to all managed devices.
Tip:
To reactivate a grayed-out Apply button, edit any interface in the device configuration, then click Save without making changes.
13.
Reapply access control policies to all managed devices.
Applying an access control policy may cause a short pause in traffic flow and processing, and may also cause a few packets to pass
uninspected. For more information, see the FireSIGHT System User Guide.
uninspected. For more information, see the FireSIGHT System User Guide.
14.
If a patch for Version 5.4.0.6 is available on the Support site, apply the latest patch as described in the FireSIGHT System Release Notes
for that version.
for that version.
You must update to the latest patch to take advantage of the latest enhancements and security fixes.
Caution:
When using URL Filtering with Do not retry URL cache miss lookup disabled to allow URL retry, the system delays packets
for URLs that have not been previously seen by the firewall while the URL category and reputation are determined so URL filtering rules
can be resolved. Until the lookup of the URL category and reputation is completed, or the lookup request times out, in inline, routed, or
transparent deployments the packet will be held at the firewall. If a two second time limit is reached without the category and reputation
determination completing, the URL category Uncategorized is used with no reputation, and rule evaluation proceeds. URL category
determination can introduce up to two seconds of delay in packet delivery, depending on local network conditions. If such delay is not
acceptable, URL retry should not be allowed. Note that without URL retry, URL filtering may not be effective until such time as URL
category and reputation determination completes for each URL. Until that time, packets that would have been filtered based on the URL’s
category or reputation will be filtered based on the Uncategorized category. To disable URL retry, check the Do not retry URL cache miss
lookup option in the General advanced settings of the access control policy (Policies > Access Control > edit policy > Advanced > edit
General Settings). Note that this option is disabled and URL retry is allowed by default.
can be resolved. Until the lookup of the URL category and reputation is completed, or the lookup request times out, in inline, routed, or
transparent deployments the packet will be held at the firewall. If a two second time limit is reached without the category and reputation
determination completing, the URL category Uncategorized is used with no reputation, and rule evaluation proceeds. URL category
determination can introduce up to two seconds of delay in packet delivery, depending on local network conditions. If such delay is not
acceptable, URL retry should not be allowed. Note that without URL retry, URL filtering may not be effective until such time as URL
category and reputation determination completes for each URL. Until that time, packets that would have been filtered based on the URL’s
category or reputation will be filtered based on the Uncategorized category. To disable URL retry, check the Do not retry URL cache miss
lookup option in the General advanced settings of the access control policy (Policies > Access Control > edit policy > Advanced > edit
General Settings). Note that this option is disabled and URL retry is allowed by default.