Cisco Cisco Firepower Management Center 2000

15

FireSIGHT System Release Notes

Installing the Update

Use the Defense Center’s web interface to perform the update. Update the Defense Center first, then use it to update 
the devices it manages.

Update your Defense Centers before updating the devices they manage.

When you begin to update one Defense Center in a high availability pair, the other Defense Center in the pair becomes 
the primary, if it is not already. In addition, the paired Defense Centers stop sharing configuration information; paired 
Defense Centers do not receive software updates as part of the regular synchronization process.

To ensure continuity of operations, do not update paired Defense Centers at the same time. First, complete the update 
procedure for the secondary Defense Center, then update the primary Defense Center.

When you install an update on clustered devices, the system performs the update on the devices one at a time. When 
the update starts, the system first applies it to the secondary device, which goes into maintenance mode until any 
necessary processes restart and the device is processing traffic again. The system then applies the update to the primary 
device, which follows the same process.

When you install an update on stacked devices, the system performs the updates simultaneously. Each device resumes 
normal operation when the update completes. Note that:



If the primary device completes the update before all of the secondary devices, the stack operates in a limited, 
mixed-version state until all devices have completed the update. 



If the primary device completes the update after all of the secondary devices, the stack resumes normal operation 
when the update completes on the primary device.

Updating the Cisco NGIPS for Blue Coat X-Series reloads the affected VAPs. If your FireSIGHT Software for X-Series 
device is deployed inline and you are using multi-member VAP groups, Cisco recommends that you update the VAPs 
one at a time. This allows the other VAPs in the group to inspect network traffic while the VAP that is being updated 
reloads.

: If you are using single-VAP VAP groups in an inline deployment, reloading the VAP causes an interruption in 

network traffic. Make sure you plan the update for a maintenance window or other time when it will have the least impact 
on your deployment.

After you perform the update on either the Defense Center or managed devices, you must reapply device configuration 
and access control policies. Applying an access control policy may cause a short pause in traffic flow and processing, 
and may also cause a few packets to pass uninspected. For more information, see the FireSIGHT System User Guide.

 If you plan on updating the system to Version 6.0, you must install the FireSIGHT System Version 6.0 

Pre-Installation package prior to updating the Version 6.0. For more information, see the 

There are several additional post-update steps you should take to ensure that your deployment is performing properly. 
These include:



verifying that the update succeeded



making sure that all appliances in your deployment are communicating successfully



updating to the latest patch for Version 5.4.1.2, if available, to take advantage of the latest enhancements and 
security fixes