Cisco Firepower Management Center 2000
Firepower System Release Notes
Before You Begin: Important Update and Compatibility Notes
Configuration and Event Backup Guidelines
Before you begin the update, Cisco strongly recommends that you delete or move any backup files that reside on
your appliance, then back up current event and configuration data to an external location.
Use the Firepower Management Center to back up event and configuration data for itself and the devices it
manages. For more information on the backup and restore feature, see the Firepower Management Center
Configuration Guide.
Version 6.0.1 does not support AMP for Firepower signature lookups with the private AMP cloud. In Version 6.0,
the system automatically submits SHA-256 signatures to the public AMP cloud. If you have a private AMP cloud
and are receiving events from endpoints, the Version 6.0 Firepower Management Center will continue to receive
those events without any additional changes to your configuration.
Note:
The Firepower Management Center purges locally stored backups from previous updates. To retain archived
backups, store the backups externally.
Firepower Management Center High Availability in Version 6.0.x
Although the configuration options for Firepower Management Center high availability appear in the Integration
page of the user interface, high availability is not supported for Firepower Management Centers in this release.
Do not attempt to place Firepower Management Centers into high availability.
Traffic Flow and Inspection During the Update
The update process reboots managed devices and might restart the Snort process. Depending on how your
devices are configured and deployed, the following capabilities could be affected:
- traffic inspection, including application awareness and control, user control, URL filtering, Security
  Intelligence, intrusion detection and prevention, and connection logging
- traffic flow, including switching, routing, NAT, VPN, and related functionality
- link state
Note that when you update 8000 Series clusters or stack pairs, the system performs the update one device at a
time to avoid traffic interruption. When you update clustered Cisco ASA with FirePOWER Services devices, apply
the update one device at a time, allowing the update to complete before updating the second device.
The following table explains how Snort restarts affect traffic inspection. It is reasonable to anticipate that the
product update could affect traffic similarly.
Table 4. Restart Traffic Effects by Managed Device Model

| On this managed device model... | Configured as... | Traffic during restart is... |
|---|---|---|
| 7000 Series, 8000 Series, NGIPSv, Firepower Threat Defense, and Firepower Threat Defense Virtual | Inline with Failsafe enabled or disabled, or inline tap mode | Passed without inspection (a few packets might drop if Failsafe is disabled and Snort is busy but not down) |
| 7000 Series, 8000 Series, NGIPSv, Firepower Threat Defense, and Firepower Threat Defense Virtual | Passive | Uninterrupted and not inspected |
| 7000 Series and 8000 Series | Routed, switched, or transparent | Dropped |
| Firepower Threat Defense | Routed or transparent | Dropped |
| Cisco ASA with FirePOWER Services | Routed or transparent with fail-open (Permit Traffic) | Passed without inspection |
| Cisco ASA with FirePOWER Services | Routed or transparent with fail-close (Close Traffic) | Dropped |