Cisco Cisco Firepower Management Center 2000 發佈版本通知
Firepower System Release Notes
Before You Begin: Important Update and Compatibility Notes
13
Link State
In 7000 Series and 8000 Series inline deployments with Bypass enabled, network traffic is interrupted at two
points during the update:
points during the update:
At the beginning of the update process, traffic is briefly interrupted while link goes down and up (flaps) and
the network card switches into hardware bypass. Traffic is not inspected during hardware bypass.
the network card switches into hardware bypass. Traffic is not inspected during hardware bypass.
After the update finishes, traffic is again briefly interrupted while link flaps and the network card switches out
of bypass. After the endpoints reconnect and reestablish link with the sensor interfaces, traffic is inspected
again.
of bypass. After the endpoints reconnect and reestablish link with the sensor interfaces, traffic is inspected
again.
Note:
The configurable Bypass option is not supported on NGIPSv devices, Cisco ASA with FirePOWER
Services, non-bypass NetMods on Firepower 8000 Series devices, SFP transceivers on 71xx Family devices,
or ASA Firepower modules running Firepower Threat Defense.
or ASA Firepower modules running Firepower Threat Defense.
Switching and Routing
Firepower 7000 Series and 8000 Series managed devices do not perform switching, routing, NAT, VPN, or related
functions during the update. If you configured your devices to perform only switching and routing, network traffic
is blocked throughout the update.
functions during the update. If you configured your devices to perform only switching and routing, network traffic
is blocked throughout the update.
Devices running Firepower Threat Defense do not support VPN functionality in Version 6.0.1 but do support
switching and routing functions.
switching and routing functions.
Audit Logging During the Update
When updating appliances that have a web interface, after the system completes its pre-update tasks and the
streamlined update interface page appears, login attempts to the appliance are not reflected in the audit log until
the update process is complete and the appliance reboots.
streamlined update interface page appears, login attempts to the appliance are not reflected in the audit log until
the update process is complete and the appliance reboots.
Time and Disk Space Requirements for Updating to Version 6.0.1
The table below provides disk space and time guidelines for the Version 6.0.1 update. Note that when you use the
Firepower Management Center to update a managed device, the Firepower Management Center requires
additional disk space on its
Firepower Management Center to update a managed device, the Firepower Management Center requires
additional disk space on its
/Volume
partition.
Caution:
Do not restart the update or reboot your appliance at any time during the update process. Cisco
provides time estimates as a guide, but actual update times vary depending on the appliance model,
deployment, and configuration. Note that the system may appear inactive during the pre-checks portion of
the update and after rebooting; this is expected behavior.
deployment, and configuration. Note that the system may appear inactive during the pre-checks portion of
the update and after rebooting; this is expected behavior.
The reboot portion of the update includes a database check. If errors are found during the database check, the
update requires additional time to complete. System daemons that interact with the database do not run during
the database check and repair.
update requires additional time to complete. System daemons that interact with the database do not run during
the database check and repair.
Note:
The closer your appliance’s current version to the release version (Version 6.0.1), the less time the update
takes.
If you encounter issues with the progress of your update, contact Support.