Cisco Firepower Management Center 2000

FireSIGHT System Release Notes
Before You Begin: Important Update and Compatibility Notes
Link State
In 7000 Series and 8000 Series inline deployments with Bypass enabled, network traffic is interrupted at two points during the update:
At the beginning of the update process, traffic is briefly interrupted while link goes down and up (flaps) and the network card switches into hardware bypass. Traffic is not inspected during hardware bypass.
After the update finishes, traffic is again briefly interrupted while link flaps, and the network card switches out of bypass. After the endpoints reconnect and reestablish link with the sensor interfaces, traffic is inspected again.
Note: The configurable Bypass option is not supported on Cisco ASA with FirePOWER Services, non-bypass NetMods on 8000 Series devices, or SFP transceivers on 71xx Family devices.
Switching and Routing
Series 3 devices do not perform switching, routing, NAT, VPN, or related functions during the update. If you configured your devices to 
perform only switching and routing, network traffic is blocked throughout the update.
Audit Logging During the Update
When updating appliances that have a web interface, after the system completes its pre-update tasks and the streamlined update interface 
page appears, login attempts to the appliance are not reflected in the audit log until the update process is complete and the appliance reboots.
Version Requirements for Updating to Version 5.4.0.9 and Version 5.4.1.8
To update to Version 5.4.1.8, a Defense Center must be running at least Version 5.4. Defense Centers running Version 5.4.1.1 and later can 
manage devices running Version 5.4.0.9 and Version 5.4.1.8. If you are running an earlier version, you can obtain updates from the Support 
site.
Caution: BIOS Version 2.0.1b must be running on DC2000 and DC4000 appliances in order to update to Version 5.4.1.1 or later. If updating your appliances fails due to an incompatible BIOS version, contact Support.
Series 2 and Series 3 devices must be running at least Version 5.4.0.5 to update to Version 5.4.0.9.
Cisco ASA with FirePOWER Services (ASA5512-X, ASA5515-X, ASA5525-X, ASA5545-X, ASA5555-X, ASA5585-X-SSP-10, ASA5585-X-SSP-20, ASA5585-X-SSP-40, and ASA5585-X-SSP-60) must be running at least Version 5.4.0.5 to update to Version 5.4.0.9.
Cisco ASA with FirePOWER Services (ASA5506-X, ASA5506W-X, ASA5506H-X, ASA5508-X, and ASA5516-X) must be running at least Version 5.4.1 to update to Version 5.4.1.8. The ISA3000 device must be running Version 5.4.1.7 to update to Version 5.4.1.8.
The closer your device’s or ASA module’s current version is to the release version (Version 5.4.0.9 or Version 5.4.1.8), the less time the update takes.
Table 2: Snort Restart Traffic Effects by Managed Device Model

| On this managed device model... | Configured as... | Traffic during restart is... |
|---|---|---|
| Series 2, Series 3, and virtual | Inline with Failsafe enabled or disabled, or inline tap mode | Passed without inspection (a few packets might drop if Failsafe is disabled and Snort is busy but not down) |
| Series 2, Series 3, and virtual | Passive | Uninterrupted and not inspected |
| Series 3 | Routed, switched, or transparent | Dropped |
| Cisco ASA with FirePOWER Services | Routed or transparent with fail-open (Permit Traffic) | Passed without inspection |
| Cisco ASA with FirePOWER Services | Routed or transparent with fail-close (Close Traffic) | Dropped |