Cisco Cisco Firepower Management Center 4000
53-5
FireSIGHT System User Guide
Chapter 53 Updating System Software
Performing Software Updates
Updating Paired Defense Centers
When you begin to update one Defense Center in a high availability pair, the other Defense Center in the
pair becomes the primary, if it is not already. In addition, the paired Defense Centers stop sharing
configuration information; paired Defense Centers do not receive software updates as part of the regular
synchronization process.
pair becomes the primary, if it is not already. In addition, the paired Defense Centers stop sharing
configuration information; paired Defense Centers do not receive software updates as part of the regular
synchronization process.
To ensure continuity of operations, do not update paired Defense Centers at the same time. First,
complete the update procedure for the secondary Defense Centers, then update the primary.
complete the update procedure for the secondary Defense Centers, then update the primary.
Updating Clustered Devices
When you install an update on clustered devices or clustered stacks, the system performs the update on
the devices or stacks one at a time. When the update starts, the system first applies it to the backup device
or stack, which goes into maintenance mode until any necessary processes restart and the device or stack
is processing traffic again. The system then applies the update to the active device or stack, which
follows the same process.
the devices or stacks one at a time. When the update starts, the system first applies it to the backup device
or stack, which goes into maintenance mode until any necessary processes restart and the device or stack
is processing traffic again. The system then applies the update to the active device or stack, which
follows the same process.
To update devices in a clustered stack, you must perform the update from the managing Defense Center
on all members of a cluster at once; you cannot perform the upgrade directly from the devices.
on all members of a cluster at once; you cannot perform the upgrade directly from the devices.
Updating Stacked Devices
When you install an update on stacked devices, the system performs the updates simultaneously. Each
device resumes normal operation when the update completes. Note that:
device resumes normal operation when the update completes. Note that:
•
If the primary device completes the update before all of the secondary devices, the stack operates in
a limited, mixed-version state until all devices have completed the update.
a limited, mixed-version state until all devices have completed the update.
•
If the primary device completes the upgrade after all of the secondary devices, the stack resumes
normal operation when the update completes on the primary device.
normal operation when the update completes on the primary device.
Traffic Flow and Inspection
When you install or uninstall updates from a managed device, the following capabilities may be affected:
•
traffic inspection, including application and user awareness and control, URL filtering, Security
Intelligence filtering, intrusion detection and prevention, and connection logging
Intelligence filtering, intrusion detection and prevention, and connection logging
•
traffic flow, including switching, routing, and related functionality
•
link state
The Data Correlator does not run during system updates. It resumes when the update is complete.
The manner and duration of network traffic interruption depends on the components of the FireSIGHT
System that the update affects, how your devices are configured and deployed, and whether the update
reboots the device. For specific information on how and when network traffic is affected for a particular
update, see the release notes.
System that the update affects, how your devices are configured and deployed, and whether the update
reboots the device. For specific information on how and when network traffic is affected for a particular
update, see the release notes.
Tip
When you update clustered devices, the system performs the updates one at a time to avoid traffic
interruption.
interruption.
Using the Web Interface During the Update
Regardless of the type of update, do not use the web interface of the appliance you are updating to
perform tasks other than monitoring the update.
perform tasks other than monitoring the update.