Cisco Cisco Firepower Management Center 2000

Firepower System Release Notes

Important Update Notes

In an inline deployment, your managed device (depending on the model and how it handles traffic) can affect traffic when you deploy configurations.

The following table provides details on how traffic flow, inspection, and link state are affected during the update, depending on your deployment. 
Note that regardless of how you configured any inline sets, switching, routing, NAT, and VPN are not performed during the update process.

Rebooting the ASA FirePOWER module on an ASA 5585-X, including a reboot that occurs during a module upgrade, causes traffic to drop 

for up to thirty seconds on the interfaces on the ASA FirePOWER hardware module while the module reboots.

Additional Memory Requirements

Version 6.1.0 of the Firepower System requires more memory than the previous versions for some Firepower Management Center models 
(previously referred to as the FireSIGHT Management Center or the Defense Center). To be specific, MC750 requires two 4GB dual in-line memory 
modules (DIMM). Similarly, MC1500 with 6GB of memory also requires additional memory.

Because the increase in memory was driven by Cisco product requirements, Cisco is making memory upgrade kits available for customers with 
these models. These kits can be ordered at no cost by customers who are entitled to run Version 6.1.0 on a qualifying MC750 or MC1500 Firepower 
Management Center model.

For more information on ordering memory kits, see 

http://www.cisco.com/c/en/us/support/docs/field-notices/640/fn64077.html

. For instructions on 

replacing the memory after you receive the kit, see “Memory Upgrade Instructions for Firepower Management Centers” in the Firepower 
Management Center Installation Guide.

Time and Disk Space Requirements

The table below provides disk space and time guidelines for the Version 6.1.0 update. Note that when you use the Firepower Management Center 
to update a managed device, the Firepower Management Center requires additional disk space on its /Volume partition.

Deployment

Network Traffic Interrupted?

Inline with configurable bypass

(Configurable bypass mode enabled 
for inline sets)

Network traffic is interrupted at two points during the update:



At the beginning of the update process, traffic is briefly interrupted while link goes down and up 
(flaps) and the network card switches into hardware bypass. Traffic is not inspected during 
hardware bypass.



After the update finishes, traffic is again briefly interrupted while link flaps and the network card 
switches out of bypass. After the endpoints reconnect and reestablish link with the sensor 
interfaces, traffic is inspected again. 

The configurable bypass option is not supported on NGIPSv devices, ASA with FirePOWER Services, 
non-bypass NetMods on Firepower 8000 Series devices, SFP transceivers on Firepower 7000 Series, or 
Cisco ASA with Firepower Threat Defense devices.

Inline on 7000 and 8000 Series or 
NGIPSv

Network traffic is blocked throughout the update.

Passive on 7000 and 8000 Series or 
NGIPSv

Network traffic is not interrupted, but also is not inspected, during the update.

Routed or transparent interfaces on 
ASA FirePOWER module managed 
by ASDM

If the redirection service policy is set to fail-open, traffic is passed without inspection.

If the redirection service policy is set to fail-close, traffic is blocked.

Clustered Firepower 9300 Security 
Appliances

Upgrading FXOS reboots the chassis, dropping traffic on clustered Firepower Threat Defense blades 
until the primary node comes back online. For more information, see