Cisco Cisco Firepower Management Center 2000
14
FireSIGHT System Release Notes
Installing the Update
asasfr-sys-5.4.0-763.pkg
for Cisco ASA with FirePOWER Services (ASA5506-X, ASA5506H-X, ASA5506W-X, ASA5508-X, and ASA5516-X):
asasfr-5500X-boot-5.4.1-211.img
asafr-sys-5.4.1-211.pkg
Note
: To install the ASA FirePOWER module Version 5.4.1.5 image on Cisco ASA with FirePOWER Services, see the Cisco
ASA FirePOWER Module Quick Start Guide for more information on deploying and installing the module.
Installing the Update
Before you begin the update, you must thoroughly read and understand these release notes, especially
.
To update Defense Centers running at least Version 5.4.1 to Version 5.4.1.5, ASA FirePOWER modules (ASA5506-X, ASA5506H-X,
ASA5506W-X, ASA5508-X, and ASA5516-X) running at least Version 5.4.1 to Version 5.4.1.5, and managed devices and ASA
FirePOWER modules (ASA5512-X, ASA5515-X, ASA5525-X, ASA5545-X, ASA5555-X, ASA5585-X-SSP-10, ASA5585-X-SSP-20,
ASA5585-X-SSP-40, and ASA5585-X-SSP-60) running at least Version 5.4 of the FireSIGHT System to Version 5.4.0.6, see the guidelines
and procedures outlined below:
ASA5506W-X, ASA5508-X, and ASA5516-X) running at least Version 5.4.1 to Version 5.4.1.5, and managed devices and ASA
FirePOWER modules (ASA5512-X, ASA5515-X, ASA5525-X, ASA5545-X, ASA5555-X, ASA5585-X-SSP-10, ASA5585-X-SSP-20,
ASA5585-X-SSP-40, and ASA5585-X-SSP-60) running at least Version 5.4 of the FireSIGHT System to Version 5.4.0.6, see the guidelines
and procedures outlined below:
Caution:
Do not reboot or shut down your appliances during the update until you see the login prompt. The system may appear inactive
during the pre-checks portion of the update; this is expected behavior and does not require you to reboot or shut down your appliances.
When to Perform the Update
Because the update process may affect traffic inspection, traffic flow, and link state, Cisco strongly recommends you perform the update in
a maintenance window or at a time when the interruption will have the least impact on your deployment.
a maintenance window or at a time when the interruption will have the least impact on your deployment.
Installation Method
Use the Defense Center’s web interface to perform the update. Update the Defense Center first, then use it to update the devices it manages.
Order of Installation
Update your Defense Centers before updating the devices they manage.
Caution:
Version 5.4.1.5 introduces the ability to control system retry of URL cache miss lookups. URL category determination can
introduce up to two seconds of delay in packet delivery, depending on local network conditions. If such delay is not acceptable, URL retry
should not be allowed. Note that without URL retry, URL filtering may not be effective until such time as URL category and reputation
determination completes for each URL. Until that time, packets that would have been filtered based on the URL’s category or reputation
will be filtered based on the Uncategorized category. For more information on preventing URL retry, see
should not be allowed. Note that without URL retry, URL filtering may not be effective until such time as URL category and reputation
determination completes for each URL. Until that time, packets that would have been filtered based on the URL’s category or reputation
will be filtered based on the Uncategorized category. For more information on preventing URL retry, see
Installing the Update on Paired Defense Centers
When you begin to update one Defense Center in a high availability pair, the other Defense Center in the pair becomes the primary, if it is
not already. In addition, the paired Defense Centers stop sharing configuration information; paired Defense Centers do not receive software
updates as part of the regular synchronization process.
not already. In addition, the paired Defense Centers stop sharing configuration information; paired Defense Centers do not receive software
updates as part of the regular synchronization process.
To ensure continuity of operations, do not update paired Defense Centers at the same time. First, complete the update procedure for the
secondary Defense Center, then update the primary Defense Center.
secondary Defense Center, then update the primary Defense Center.