Cisco Cisco Content Security Management Appliance M390 Mode D'Emploi
14-20
AsyncOS 10.0 for Cisco Content Security Management Appliances User Guide
Chapter 14 Common Administrative Tasks
Upgrading AsyncOS
Determining Network Requirements for Upgrades and Updates
The update servers for Cisco content security appliances use dynamic IP addresses. If you have strict
firewall policies, you may need to configure a static location for AsyncOS upgrades. If you determine
that your firewall settings require a static IP for upgrades, contact Cisco Customer support to obtain the
required URL addresses.
firewall policies, you may need to configure a static location for AsyncOS upgrades. If you determine
that your firewall settings require a static IP for upgrades, contact Cisco Customer support to obtain the
required URL addresses.
Note
If you have any existing firewall rules allowing download of legacy upgrades from
upgrades.cisco.com
ports such as 22, 25, 80, 4766, they will need to be removed and/or replaced with revised firewall rules.
Choosing an Upgrade Method: Remote vs. Streaming
Cisco provides two methods (or ‘sources’) for upgrading AsyncOS on your appliances:
•
Streaming upgrades — Each appliance downloads the AsyncOS upgrades via HTTP directly from
the Cisco content security update servers.
the Cisco content security update servers.
•
Remote upgrades — You only download the upgrade image from Cisco one time, and then serve it
to your appliances. Your appliances then download the AsyncOS upgrades from a server within your
network.
to your appliances. Your appliances then download the AsyncOS upgrades from a server within your
network.
. Optionally, use the updateconfig command in the CLI.
Streaming Upgrade Overview
In Streaming upgrades, each Cisco Content Security appliance connects directly to the Cisco content
security update servers to find and download upgrades:
security update servers to find and download upgrades:
Figure 14-3
Streaming Update Method
This method requires that your appliance contacts the Cisco content security update servers directly from
the network.
the network.
Remote Upgrade Overview
You can also download and host updates to AsyncOS locally from within your own network (Remote
Upgrade) rather than obtaining updates directly from the Cisco update servers (Streaming Upgrades).
Using this feature, an encrypted update image downloaded via HTTP to any server in your network that
has access to the Internet. If you choose to download the update image, you can then configure an
internal HTTP server (an “update manager”) to host the AsyncOS images to your Security Management
appliances.
Upgrade) rather than obtaining updates directly from the Cisco update servers (Streaming Upgrades).
Using this feature, an encrypted update image downloaded via HTTP to any server in your network that
has access to the Internet. If you choose to download the update image, you can then configure an
internal HTTP server (an “update manager”) to host the AsyncOS images to your Security Management
appliances.