Update Firepower Management Centers
Use this procedure to update all Firepower Management Centers. If you are using high availability, see Update Sequence for Firepower Management Centers in High Availability before you begin.
This update causes a reboot.
Caution |
Do not manually reboot, shut down the system, or restart the update until you see the login prompt. The system may appear inactive during prechecks; this is expected. If you encounter issues with the update, contact Cisco TAC. |
Procedure
Step 1 |
Update to the minimum version as described in Update Paths to Version 6.2.2.x. |
||
Step 2 |
Read these release notes and complete any pre update tasks. For more information, see the following topics: |
||
Step 3 |
Download the update from the Support site:
|
||
Step 4 |
Upload the update to the Firepower Management Center. |
||
Step 5 |
Deploy configuration changes to the devices you plan to update. Otherwise, eventual device updates may fail. When you deploy before updating the Firepower Management Center, resource demands may result in a small number of packets dropping without inspection. Additionally, deploying some configurations restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the device handles traffic. For more information, see Configurations that Restart the Snort Process When Deployed or Activated and Snort® Restart Traffic Behavior in the Firepower Management Center Configuration Guide. |
||
Step 6 |
(Optional) Run a readiness check. See Run a Readiness Check through the Shell or Run a Readiness Check through the Firepower Management Center Web Interface.
|
||
Step 7 |
Verify that the appliances in your deployment are successfully communicating with the managing Firepower Management Center and that there are no issues reported by the health monitor. |
||
Step 8 |
Make sure there are no essential tasks in progress. Click the system status icon to view the Tasks tab in the Message Center. Tasks that are running when the update begins are stopped, become failed tasks, and cannot be resumed. You can manually delete failed status messages after the update completes. |
||
Step 9 |
Choose the update you uploaded earlier. In the page, click the install icon next to the update you are installing. |
||
Step 10 |
Install the update and monitor its progress. Choose the Firepower Management Center and click Install. Confirm that you want to install the update and reboot. You can begin monitoring the update’s progress on the Tasks tab of the Message Center. However, after the Firepower Management Center completes its necessary pre update checks, you are logged out. When you log back in, the Upgrade Status page displays a progress bar and provides details about the script currently running.
|
||
Step 11 |
After the update finishes, clear your browser cache and relaunch the browser. Otherwise, the user interface may exhibit unexpected behavior. |
||
Step 12 |
Log into the Firepower Management Center. |
||
Step 13 |
Verify update success. Choose and confirm that the software version is listed correctly. Also note the versions of the intrusion rule update and Vulnerability Database (VDB); you will need this information later. |
||
Step 14 |
Verify that the appliances in your deployment are successfully communicating with the managing Firepower Management Center and that there are no issues reported by the health monitor. |
||
Step 15 |
Update intrusion rules and the Vulnerability Database (VDB). If the intrusion rule update or the VDB available on the Support site is newer than the version currently running, install the newer version. For more information, see the Firepower Management Center Configuration Guide When you install the intrusion rule update, you do not need to automatically reapply policies. You will manually deploy configuration changes, which also reapplies policies. |
||
Step 16 |
Deploy configuration changes to all managed devices. In most cases, deploying for the first time after you update the Firepower Management Center restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the device handles traffic. For more information, see Snort® Restart Traffic Behavior in the Firepower Management Center Configuration Guide. |
||
Step 17 |
Update to the latest patch, if necessary. You must update to the latest patch to take advantage of product enhancements and security fixes. If a later patch is available on the Support site, use the Firepower System Release Notes for that version to update the system. |
||
Step 18 |
If you updated Firepower Management Centers in a high availability pair, restart communication. For more information, see Update Sequence for Firepower Management Centers in High Availability. |