Cisco Cisco Firepower Management Center 2000
15
FireSIGHT System Release Notes
Installing the Update
Installation Method
Use the Defense Center’s web interface to perform the update. Update the Defense Center first, then use it to update
the devices it manages.
the devices it manages.
Order of Installation
Update your Defense Centers before updating the devices they manage.
Installing the Update on Paired Defense Centers
When you begin to update one Defense Center in a high availability pair, the other Defense Center in the pair becomes
the primary, if it is not already. In addition, the paired Defense Centers stop sharing configuration information; paired
Defense Centers do not receive software updates as part of the regular synchronization process.
the primary, if it is not already. In addition, the paired Defense Centers stop sharing configuration information; paired
Defense Centers do not receive software updates as part of the regular synchronization process.
To ensure continuity of operations, do not update paired Defense Centers at the same time. First, complete the update
procedure for the secondary Defense Center, then update the primary Defense Center.
procedure for the secondary Defense Center, then update the primary Defense Center.
Installing the Update on Clustered Devices
When you install an update on clustered devices, the system performs the update on the devices one at a time. When
the update starts, the system first applies it to the secondary device, which goes into maintenance mode until any
necessary processes restart and the device is processing traffic again. The system then applies the update to the primary
device, which follows the same process.
the update starts, the system first applies it to the secondary device, which goes into maintenance mode until any
necessary processes restart and the device is processing traffic again. The system then applies the update to the primary
device, which follows the same process.
Installing the Update on Stacked Devices
When you install an update on stacked devices, the system performs the updates simultaneously. Each device resumes
normal operation when the update completes. Note that:
normal operation when the update completes. Note that:
If the primary device completes the update before all of the secondary devices, the stack operates in a limited,
mixed-version state until all devices have completed the update.
mixed-version state until all devices have completed the update.
If the primary device completes the update after all of the secondary devices, the stack resumes normal operation
when the update completes on the primary device.
when the update completes on the primary device.
Installing the Update on Cisco NGIPS for Blue Coat X-Series
Updating the Cisco NGIPS for Blue Coat X-Series reloads the affected VAPs. If your FireSIGHT Software for X-Series
device is deployed inline and you are using multi-member VAP groups, Cisco recommends that you update the VAPs
one at a time. This allows the other VAPs in the group to inspect network traffic while the VAP that is being updated
reloads.
device is deployed inline and you are using multi-member VAP groups, Cisco recommends that you update the VAPs
one at a time. This allows the other VAPs in the group to inspect network traffic while the VAP that is being updated
reloads.
Note
: If you are using single-VAP VAP groups in an inline deployment, reloading the VAP causes an interruption in
network traffic. Make sure you plan the update for a maintenance window or other time when it will have the least impact
on your deployment.
on your deployment.
After the Installation
After you perform the update on either the Defense Center or managed devices, you must reapply device configuration
and access control policies. Applying an access control policy may cause a short pause in traffic flow and processing,
and may also cause a few packets to pass uninspected. For more information, see the FireSIGHT System User Guide.
and access control policies. Applying an access control policy may cause a short pause in traffic flow and processing,
and may also cause a few packets to pass uninspected. For more information, see the FireSIGHT System User Guide.
Note:
If you plan on updating the system to Version 6.0, you must install the FireSIGHT System Version 6.0
Pre-Installation package prior to updating the Version 6.0. For more information, see the
There are several additional post-update steps you should take to ensure that your deployment is performing properly.
These include:
These include:
verifying that the update succeeded
making sure that all appliances in your deployment are communicating successfully
updating to the latest patch for Version 5.4.1.2, if available, to take advantage of the latest enhancements and
security fixes
security fixes