About Reverting Threat Defense
Reverting threat defense returns the software to its state just before the last upgrade. You must enable revert when you upgrade the device, so the system can save a revert snapshot.
Reverted Configurations
Configurations that are reverted include:
- Snort version.
- Device-specific configurations.
  General device settings, routing, interfaces, inline sets, DHCP, SNMP — anything you configure on the page.
- Objects used by your device-specific configurations.
  These include access list, AS path, key chain, interface, network, port, route map, and SLA monitor objects. If you edited these objects after you upgraded the device, the system creates new objects or configures object overrides for the reverted device to use. This allows your other devices to continue handling traffic according to their current configuration.
After a successful revert, we recommend you examine the objects used by the reverted device and make any necessary adjustments.
Configurations Not Reverted
Configurations that are not reverted include:
- Shared policies that can be used by multiple devices; for example, platform settings or access control policies.
  A successfully reverted device is marked out-of-date and you should redeploy configurations.
- For the Firepower 4100/9300, interface changes made using the Secure Firewall chassis manager or the FXOS CLI.
  Sync interface changes after a successful revert.
- For the Firepower 4100/9300, FXOS and firmware.
  If you are required to run the recommended combination of FXOS and threat defense, you may need a full reimage; see Revert Guidelines for Threat Defense.