Cisco Cisco Firepower Management Center 2000 發佈版本通知
2
Firepower System Release Notes
Resolved Issues
9.
Click Upload.
10.
Optionally, run a readiness check on the ASA FirePOWER module
as described in
.
Caution:
If you encounter issues with the readiness check that you cannot resolve, do not begin the update. Instead, contact Support.
11.
Select Monitoring > ASA FirePOWER Monitoring > Task Status to view the task queue and make sure that there are no jobs in process.
Tasks that are running when the update begins are stopped and cannot be resumed; you must manually delete them from the task queue after
the update completes. The task queue automatically refreshes every 10 seconds. You must wait until any long-running tasks are complete before
you begin the update.
the update completes. The task queue automatically refreshes every 10 seconds. You must wait until any long-running tasks are complete before
you begin the update.
12.
Select Configuration > ASA FirePOWER Configuration > Updates.
13.
Click the install icon next to the update you uploaded.
The update process begins. You can begin monitoring the update’s progress in the task queue.
14.
After the update finishes, reconnect ASDM to the ASA device as described in the ASA Firepower Module Quick Start Guide.
15.
Access the ASA FirePOWER module interface and refresh the page. Otherwise, the interface may exhibit unexpected behavior. If you are the
first user to access the interface after a major update, the End User License Agreement (EULA) may appear. You must review and accept the
EULA to continue.
first user to access the interface after a major update, the End User License Agreement (EULA) may appear. You must review and accept the
EULA to continue.
16.
If the intrusion rule update available on the Support site is newer than the rule set on your
ASA FirePOWER module, import the newer rule
set. Do not auto-apply the imported rules when working with Version 6.1.0.
For more information, see the ASA with FirePOWER Services Local Management Configuration Guide.
17.
If the VDB available on the Support site is newer than the VDB installed during the update, install the latest VDB. Do not auto-deploy VDB
updates when working with Version 6.1.0.
updates when working with Version 6.1.0.
Installing a VDB update restarts the Snort process when you deploy configuration changes, temporarily interrupting traffic inspection. Whether
traffic drops during this interruption or passes without further inspection depends on the model of the managed device and how it handles
traffic.
traffic drops during this interruption or passes without further inspection depends on the model of the managed device and how it handles
traffic.
For more information, see the ASA with FirePOWER Services Local Management Configuration Guide.
18.
Deploy configuration changes.
When you deploy, resource demands may result in a small number of packets dropping without inspection. Additionally, deploying some
configurations requires the Snort process to restart, temporarily interrupting traffic inspection. Whether traffic drops during this interruption
or passes without further inspection depends on the model of the managed device and how it handles traffic. For more information, see the ASA
with FirePOWER Services Local Management Configuration Guide.
configurations requires the Snort process to restart, temporarily interrupting traffic inspection. Whether traffic drops during this interruption
or passes without further inspection depends on the model of the managed device and how it handles traffic. For more information, see the ASA
with FirePOWER Services Local Management Configuration Guide.
19.
If a later patch is available on the Support site, update to the latest patch as described in the Firepower System Release Notes for that version.
You must update to the latest patch to take advantage of product enhancements and security fixes.
You must update to the latest patch to take advantage of product enhancements and security fixes.
Resolved Issues
If you have a Cisco account, you can view defects resolved in this release using the Cisco Bug Search Tool:
https://tools.cisco.com/bugsearch/
.
The following defects are resolved in Version 6.1.0:
Security Issue
Addressed multiple cross-site scripting (XSS) vulnerabilities, as described in CVE-2015-4270 and CVE-2016-1294.
Security Issue
Addressed multiple vulnerabilities within the third party OpenSSL, as described in CVE-2015-3193, CVE-2015-3194,
CVE-2015-3195, CVE-2015-3196, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, and
CVE-2016-2176.
CVE-2016-2176.
Security Issue
Addressed multiple vulnerabilities within the third party Open SSH, as described in CVE-2015-5600, CVE-2015-6565,
CVE-2016-0777, and CVE-2016-0778.