Cisco FirePOWER Appliance 7050 Release Notes
Version 5.2.0.9
Sourcefire 3D System Release Notes
Before You Begin: Important Update and Compatibility Notes
Traffic Flow and Inspection During the Update
The update process (and any uninstallation of the update) reboots all appliances.
Depending on how your devices are configured and deployed, the following
capabilities are affected:
• traffic inspection, including application awareness and control, URL filtering,
  Security Intelligence, intrusion detection and prevention, and connection
  logging
• traffic flow, including switching, routing, NAT, VPN, and related functionality
• link state
Note that when you update clustered or clustered stacked devices, the system
performs the update one device or stack at a time to avoid traffic interruption.
Traffic Inspection and Link State
In an inline deployment, your managed devices (depending on model) can affect
traffic flow via application control, user control, URL filtering, Security
Intelligence, and intrusion prevention, as well as switching, routing, NAT, and
VPN. In a passive deployment, you can perform intrusion detection and collect
discovery data without affecting network traffic flow. For more information on
appliance capabilities, see the Sourcefire 3D System Installation Guide.
The following table provides details on how traffic flow, inspection, and link state
are affected during the update, depending on your deployment. Note that
regardless of how you configured any inline sets, switching, routing, NAT, and
VPN are not performed during the update process.
Network Traffic Interruption

DEPLOYMENT: Inline with configurable bypass (Failopen option enabled for inline
sets)
NETWORK TRAFFIC INTERRUPTED? Network traffic is interrupted at two points during
the update:
• At the beginning of the update process, traffic is briefly interrupted while
  link goes down and up (flaps) and the network card switches into hardware
  bypass. Traffic is not inspected during hardware bypass.
• After the update finishes, traffic is again briefly interrupted while link flaps
  and the network card switches out of bypass. After the endpoints reconnect
  and reestablish link with the sensor interfaces, traffic is inspected again.
IMPORTANT! The configurable bypass option is not supported on virtual
devices, non-bypass NetMods on 8000 Series devices, or SFP transceivers on
71xx Family devices.

DEPLOYMENT: Inline
NETWORK TRAFFIC INTERRUPTED? Network traffic is blocked throughout the update.

DEPLOYMENT: Passive
NETWORK TRAFFIC INTERRUPTED? Network traffic is not interrupted, but also is not
inspected during the update.