Cisco Cisco Firepower Management Center 2000
Firepower System Release Notes
Installing the Update
20
Step 13
Verify that the appliances in your deployment are successfully communicating and that there are no
issues reported by the health monitor.
issues reported by the health monitor.
Step 14
If the rule update available on the Support site is newer than the rules on your Firepower Management
Center, import the newer rules. Do not auto-apply the imported rules at this time.
Center, import the newer rules. Do not auto-apply the imported rules at this time.
For information on rule updates, see the Firepower Management Center Configuration Guide.
Step 15
If the VDB available on the Support site is newer than the VDB on your Firepower Management Center,
install the latest VDB.
install the latest VDB.
Installing a VDB update causes a short pause in traffic flow and processing, and may also cause a few packets to
pass uninspected. For more information, see the Firepower Management Center Configuration Guide.
pass uninspected. For more information, see the Firepower Management Center Configuration Guide.
Step 16
Redeploy your configurations to all managed devices.
Deployment may cause a short pause in traffic flow and processing, and may also cause a few packets to pass
uninspected. For more information, see the Firepower Management Center Configuration Guide.
uninspected. For more information, see the Firepower Management Center Configuration Guide.
Step 17
If a patch for Version 6.0.1.2 is available on the Support site, apply the latest patch as described in the
Firepower System Release Notes for that version.
Firepower System Release Notes for that version.
Caution:
When you deploy configurations, resource demands may result in a small number of packets
dropping without inspection. Additionally, deploying some configurations requires the Snort process to
restart, which interrupts traffic inspection. Whether traffic drops during this interruption or passes without
further inspection depends on the model of the managed device and how it handles traffic. For more
information, see the Configurations that Restart the Snort Process section of the Firepower Management
Center Configuration Guide.
restart, which interrupts traffic inspection. Whether traffic drops during this interruption or passes without
further inspection depends on the model of the managed device and how it handles traffic. For more
information, see the Configurations that Restart the Snort Process section of the Firepower Management
Center Configuration Guide.
You must update to the latest patch to take advantage of the latest enhancements and security fixes.
Caution:
Although the configuration options for Firepower Management Center high availability appear in the
Integration page of the user interface, high availability is not supported for Firepower Management Centers
in Version 6.0.1. Do not attempt to place Firepower Management Centers into high availability.
in Version 6.0.1. Do not attempt to place Firepower Management Centers into high availability.
Updating 7000 Series, 8000 Series, NGIPSv, and ASA FirePOWER
After you update your Firepower Management Centers to Version 6.0.1.2, use them to update the devices they
manage.
manage.
You must use a Firepower Management Center running Version 6.0 to update any managed device that does not
have its own web interface. For Cisco ASA with FirePOWER Services running on the ASA 5506-X, ASA 5506H-X,
ASA 5506W-X, ASA 5508-X, or ASA 5516-X, you can update the module using the Firepower Management
Center or connect to the ASA device and update the ASA FirePOWER module using local management via ASDM.
For more information see the Cisco ASA with FirePOWER Services Local Management Release Notes.
have its own web interface. For Cisco ASA with FirePOWER Services running on the ASA 5506-X, ASA 5506H-X,
ASA 5506W-X, ASA 5508-X, or ASA 5516-X, you can update the module using the Firepower Management
Center or connect to the ASA device and update the ASA FirePOWER module using local management via ASDM.
For more information see the Cisco ASA with FirePOWER Services Local Management Release Notes.
Updating managed devices is a two-step process. First, download the update from the Support site and upload
it to the managing Firepower Management Center. Next, install the software. You can update multiple devices at
once, but only if they use the same update file.
it to the managing Firepower Management Center. Next, install the software. You can update multiple devices at
once, but only if they use the same update file.
When you update clustered Cisco ASA with FirePOWER Services, apply the update one device at a time, allowing
the update to complete before updating the second device.
the update to complete before updating the second device.
For the Version 6.0.1.2 update, all devices reboot. 7000 Series and 8000 Series devices do not perform traffic
inspection, switching, routing, NAT, VPN, or related functions during the update. Firepower Threat Defense do not
perform VPN functions. Depending on how your devices are configured and deployed, the update process may
also affect traffic flow and link state. For more information, see
inspection, switching, routing, NAT, VPN, or related functions during the update. Firepower Threat Defense do not
perform VPN functions. Depending on how your devices are configured and deployed, the update process may
also affect traffic flow and link state. For more information, see