Cisco Firepower Management Center 2000

Firepower System Release Notes
 
Before You Begin: Important Update and Compatibility Notes
 
Configuration and Event Backup Guidelines
Before you begin the update, Cisco strongly recommends that you delete or move any backup files that reside on 
your appliance, then back up current event and configuration data to an external location.
Use the Firepower Management Center to back up event and configuration data for itself and the devices it 
manages. For more information on the backup and restore feature, see the Firepower Management Center 
Configuration Guide.
Version 6.0.1 does not support AMP for Firepower signature lookups with the private AMP cloud. In Version 6.0, 
the system automatically submits SHA-256 signatures to the public AMP cloud. If you have a private AMP cloud 
and are receiving events from endpoints, the Version 6.0 Firepower Management Center will continue to receive 
those events without any additional changes to your configuration.
Note: The Firepower Management Center purges locally stored backups from previous updates. To retain archived 
backups, store the backups externally.
Firepower Management Center High Availability in Version 6.0.x
Although the configuration options for Firepower Management Center high availability appear in the Integration 
page of the user interface, high availability is not supported for Firepower Management Centers in this release. 
Do not attempt to place Firepower Management Centers into high availability.
Traffic Flow and Inspection During the Update
The update process reboots managed devices and might restart the Snort process. Depending on how your 
devices are configured and deployed, the following capabilities could be affected:
- traffic inspection, including application awareness and control, user control, URL filtering, Security 
  Intelligence, intrusion detection and prevention, and connection logging
- traffic flow, including switching, routing, NAT, VPN, and related functionality
- link state
Note that when you update 8000 Series clusters or stack pairs, the system performs the update one device at a 
time to avoid traffic interruption. When you update clustered Cisco ASA with FirePOWER Services devices, apply 
the update one device at a time, allowing the update to complete before updating the second device.
The following table explains how Snort restarts affect traffic inspection. It is reasonable to anticipate that the 
product update could affect traffic similarly.
Table 4: Restart Traffic Effects by Managed Device Model

| On this managed device model... | Configured as... | Traffic during restart is... |
|---|---|---|
| 7000 Series, 8000 Series, NGIPSv, Firepower Threat Defense, and Firepower Threat Defense Virtual | Inline with Failsafe enabled or disabled, or inline tap mode | Passed without inspection (a few packets might drop if Failsafe is disabled and Snort is busy but not down) |
| 7000 Series, 8000 Series, NGIPSv, Firepower Threat Defense, and Firepower Threat Defense Virtual | Passive | Uninterrupted and not inspected |
| 7000 Series and 8000 Series | Routed, switched, or transparent | Dropped |
| Firepower Threat Defense | Routed or transparent | Dropped |
| Cisco ASA with FirePOWER Services | Routed or transparent with fail-open (Permit Traffic) | Passed without inspection |
| Cisco ASA with FirePOWER Services | Routed or transparent with fail-close (Close Traffic) | Dropped |