||If you want to update Firepower Management
Centers in a high availability pair, see Update Sequence for Firepower Management Centers in High Availability. |
||Update to the minimum version as described in Update Paths to Version 6.2.0.x.|
||Read these release notes and complete any preupdate tasks. For more information, see the following sections:
||Download the update from the Support site:|
- For Firepower Management
Center (MC750, MC1500, MC2000, MC3500, MC4000) and Firepower Management Center
For Firepower Management
Center (MC1000, MC2500, MC4500) :
Download the update package directly from the Support site. If you transfer an update file by email, it may become corrupted.
||Upload the update to the Firepower Management
Center by choosing , then clicking Upload Update on the Product Updates tab. Browse to the update and click Upload. The update is uploaded to the Firepower Management
Center. The web interface shows the type of update you uploaded, its version number, and the date and time it was generated.|
||Redeploy configuration changes to any managed devices. Otherwise, the eventual update of the managed devices may fail.
When you deploy before updating the Firepower Management Center, resource demands may result in a small number of packets dropping without inspection. Additionally, deploying some configurations restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the device handles traffic. For more information, see Configurations that Restart the Snort Process When Deployed or Activated and Snort® Restart Traffic Behavior in the Firepower Management Center Configuration Guide, Version 6.2.0.
||(Optional) Run a readiness check on the Firepower Management
Center as described in Run a Readiness Check through the Shell and Run a Readiness Check through the Firepower Management Center Web Interface.
If you encounter issues with the readiness check that you cannot resolve, do not begin the update. Instead, contact Cisco TAC.
||Make sure that the appliances in your deployment are successfully communicating and that there are no issues reported by the health monitor.|
||Click the System Status icon and view the Tasks tab in the Message Center to make sure that there are no tasks in progress.
You must wait until any long-running tasks are complete before you begin the update. Tasks that are running when the update begins are stopped, become failed tasks, and cannot be resumed; you must manually delete them from the Tasks tab after the update finishes.
||On the window, click the install icon next to the update you are installing.|
||Choose the Firepower Management
Center and click Install. Confirm that you want to install the update and reboot the Firepower Management
The update process begins. You can begin monitoring the update’s progress in the Tasks tab of the Message Center. However, after the Firepower Management
Center finishes its necessary pre-update checks, you are logged out. When you log back in, the Upgrade Status page appears. The Upgrade Status window displays a progress bar and provides details about the script currently running. Click show log for current script to see the update log.
If the update fails for any reason, the page displays an error message indicating the time and date of the failure, which script was running when the update failed, and instructions on how to contact Cisco TAC. Do not restart the update.
If you encounter any other issue with the update (for example, if a manual refresh of the Update Status page shows no progress for several minutes), do not restart the update. Instead, contact Cisco TAC.
When the update finishes, the Firepower Management
Center displays a success message and reboots.
||After the update finishes, clear your browser cache and relaunch the browser. Otherwise, the user interface may exhibit unexpected behavior.|
||Log into the Firepower Management
||Choose Version 6.2.0.x. Also note the versions of the intrusion rule update and VDB on the Firepower Management
Center; you will need this information later. and confirm that the software version is listed correctly: |
||Verify that the appliances in your deployment are successfully communicating and that there are no issues reported by the health monitor.|
||If the intrusion rule update available on the Support site is newer than the rule set on your Firepower Management
Center, import the newer rule set. Do not autoapply the imported rules when working with Version 6.2.0.x.
For information on intrusion rule updates, see the Firepower Management Center Configuration Guide.
||If the VDB available on the Support site is newer than the VDB installed during the update, install the latest VDB. Do not autodeploy VDB updates when working with Version 6.2.0.x.
Installing a VDB update restarts the Snort process when you deploy configuration changes, temporarily interrupting traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on the model of the managed device and how it handles traffic. For more information, see the Firepower Management Center Configuration Guide.
||Redeploy policies to all managed devices.
Click Deploy and choose all available devices, then click Deploy.
You must redeploy configuration changes before updating any managed devices or you may have to reimage your appliances.
In most cases, deploying for the first time after you update the Firepower Management Center restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the device handles traffic. For more information, see Snort® Restart Traffic Behavior in the Firepower Management Center Configuration Guide.
||If a later patch is available on the Support site, update to the latest patch as described in the Firepower Release Notes roadmap for that version. You must update to the latest patch to take advantage of product enhancements and security fixes.|
||If you updated Firepower Management
Centers in a high availability pair, see Update Sequence for Firepower Management Centers in High Availability|