Improved upgrade starting page and
package management.
|
Any
|
A new upgrade page makes it easier to choose, download,
manage, and apply upgrades to your entire deployment. This includes the
management center, threat defense devices, and any older
NGIPSv/ASA FirePOWER devices. The page lists all
upgrade packages that apply to your current deployment, with
suggested releases specially marked. You can easily choose
and direct-download packages from Cisco, as well as manually
upload and delete packages.
Internet access is
required to retrieve the list/direct download upgrade
packages. Otherwise, you are limited to manual
management. Patches are not listed unless you have
at least one appliance at the appropriate maintenance
release (or you manually uploaded the patch). You must
manually upload hotfixes.
New/modified screens:
-
System () is now where you upgrade the management
center and all managed devices, as well as
manage upgrade packages.
-
System () is now where you update intrusion
rules, the VDB, and the GeoDB.
-
takes you directly to the threat
defense upgrade wizard.
-
System () allows you to grant access to
Content Updates (VDB,
GeoDB, intrusion rules) without allowing access to
Product Upgrades (system
software).
Deprecated screens/options:
-
System () is deprecated. All threat defense
upgrades now use the wizard.
-
The Add Upgrade Package button
on the threat defense upgrade wizard has been
replaced by a Manage Upgrade
Packages link to the new upgrade
page.
See: Cisco Secure Firewall Threat
Defense Upgrade Guide for Management Center
|
Enable revert from the threat defense
upgrade wizard.
|
Any, if upgrading to 7.1+
|
|
View detailed upgrade status from
the threat defense upgrade wizard.
|
Any
|
The final page of the threat defense upgrade wizard now
allows you to monitor upgrade progress. This is in addition
to the existing monitoring capability on the Upgrade tab on
the Device Management page, and on the Message Center. Note
that as long as you have not started a new upgrade flow, brings you back to this final wizard page,
where you can view the detailed status for the current (or
most recently complete) device upgrade.
See: Cisco Secure Firewall Threat
Defense Upgrade Guide for Management Center
|
Automatically generate
configuration change reports after management center
upgrade.
|
Any
|
You can automatically generate reports on configuration
changes after major and maintenance management center
upgrades. This helps you understand the changes you are
about to deploy. After the system generates the reports, you
can download them from the Tasks tab in the Message
Center.
Other version restrictions: Only supported for management center upgrades from Version 7.4.1+. Not supported for upgrades
to Version 7.4.1 or any earlier version.
New/modified screens: System ()
|
Suggested release
notifications.
|
Any
|
The management center now notifies you when a new suggested
release is
available.
If you don't want to upgrade right now, you can have the
system remind you
later, or defer
reminders until the next suggested release. The new upgrade
page also indicates suggested
releases.
See: Cisco Secure Firewall
Management Center New Features by
Release
|
New upgrade wizard for the
management center.
|
Any
|
A new upgrade starting page and wizard make it easier to
perform management center upgrades. After you use System () to get the appropriate upgrade package onto
the management center, click Upgrade
to begin.
Other version restrictions: Only supported for management
center upgrades from Version 7.4.1+.
To upgrade the management center to any version, see the
upgrade guide for the version your management center is
currently running: : Cisco Secure Firewall Threat
Defense Upgrade Guide for Management Center. If you are running Version 7.4.0, you can use the
Version 7.3.x guide.
|
Hotfix high availability management
centers without pausing synchronization.
|
Any
|
Unless otherwise indicated by the hotfix release notes or
Cisco TAC, you do not have to pause synchronization to
install a hotfix on high availability management
centers.
|
Firmware upgrades included in FXOS
upgrades.
|
Any
|
Chassis/FXOS upgrade impact. Firmware upgrades cause an
extra reboot.
For the Firepower 4100/9300, FXOS upgrades to Version 2.14.1
now include firmware upgrades. Secure Firewall 3100 in
multi-instance mode (new in Version 7.4.1) also bundles FXOS
and firmware upgrades. If any firmware component on the
device is older than the one included in the FXOS bundle,
the FXOS upgrade also updates the firmware. If the firmware
is upgraded, the device reboots twice—once for FXOS and once
for the firmware.
Just as with software and operating system upgrades, do not
make or deploy configuration changes during firmware
upgrade. Even if the system appears inactive, do not
manually reboot or shut down during firmware upgrade.
See: Cisco Firepower 4100/9300
FXOS Firmware Upgrade Guide
|
Chassis upgrade for the Secure
Firewall 3100 in multi-instance mode.
|
7.4.1
|
For the Secure Firewall 3100 in multi-instance mode, you
upgrade the operating system and the firmware (chassis
upgrade) separately from the container instances
(threat defense upgrade).
New/modified screens:
-
Upgrade the chassis:
-
Upgrade threat defense:
Supported platforms: Secure Firewall 3100, excluding the
Secure Firewall 3105
Minimum
management center: 7.4.1
|
Updated internet access
requirements for direct-downloading software
upgrades.
|
Any
|
Upgrade impact. The system
connects to new resources.
The management center has changed its direct-download
location for software upgrade packages from sourcefire.com
to
amazonaws.com.
|
Scheduled tasks download
patches and VDB updates only.
|
Any
|
Upgrade impact. Scheduled
download tasks stop retrieving maintenance
releases.
The Download Latest Update scheduled
task no longer downloads maintenance releases; now it only
downloads the latest applicable patches and VDB updates. To
direct-download maintenance (and major) releases to the
management center, use System ().
|