• Product Compatibility in Version 6.2.0

• Update vs. Reimage vs. Deploy

• Important Update Notes

When you deploy before updating the Firepower Management Center, resource demands may result in a small number of packets dropping without inspection. Additionally, deploying some configurations restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the device handles traffic. For more information, see Configurations that Restart the Snort Process When Deployed or Activated and Snort® Restart Traffic Behavior in the Firepower Management Center Configuration Guide, Version 6.2.0.

You must wait until any long-running tasks are complete before you begin the update. Tasks that are running when the update begins are stopped, become failed tasks, and cannot be resumed; you must manually delete them from the Tasks tab after the update finishes.

The update process begins. You can begin monitoring the update’s progress in the Tasks tab of the Message Center. However, after the Firepower Management Center finishes its necessary pre-update checks, you are logged out. When you log back in, the Upgrade Status page appears. The Upgrade Status window displays a progress bar and provides details about the script currently running. Click show log for current script to see the update log.

If the update fails for any reason, the page displays an error message indicating the time and date of the failure, which script was running when the update failed, and instructions on how to contact Cisco TAC. Do not restart the update.

When the update finishes, the Firepower Management Center displays a success message and reboots.

For information on intrusion rule updates, see the Firepower Management Center Configuration Guide.

Installing a VDB update restarts the Snort process when you deploy configuration changes, temporarily interrupting traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends how the managed device handles traffic. For more information, see the Firepower Management Center Configuration Guide.

Click Deploy and choose all available devices, then click Deploy.

In most cases, deploying for the first time after you update the Firepower Management Center restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the device handles traffic. For more information, see Snort® Restart Traffic Behavior in the Firepower Management Center Configuration Guide.

• Product Compatibility in Version 6.2.0

• Update vs. Reimage vs. Deploy

• Important Update Notes

In most cases, deploying for the first time after you update the Firepower Management Center restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the device handles traffic. For more information, see Snort® Restart Traffic Behavior in the Firepower Management Center Configuration Guide.

Updating to FXOS Version 2.0.1 or later causes an expected disruption in traffic. Updating FXOS also reboots the chassis, which drops traffic or passes it uninspected in an intra-chassis cluster depending on whether the cluster uses an enabled hardware bypass module, and drops traffic in an inter-chassis cluster only if chassis reboots overlap before at least one module comes online.

• For Firepower Threat Defense running on the ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, or any supported virtual platform (VMware, AWS, KVM, Microsoft Azure):

  Cisco_FTD_Upgrade-6.2.0-362.sh

• For Firepower Threat Defense running on the Firepower 4110, Firepower 4120, Firepower 4140, Firepower 4150, Firepower 9300 appliance, and Firepower Threat Defense Virtual:

  Cisco_FTD_SSP_Upgrade-6.2.0-362.sh

  Note	Download the update package directly from the Support site. If you transfer an update file by email, it may become corrupted.

Click Deploy and choose all available devices, then click Deploy.

When you deploy for the first time after updating a device, resource demands may result in a small number of packets dropping without inspection. The deploy does not otherwise interrupt traffic inspection unless, since the previous deploy, you have modified specific policy or device configurations that always restart the Snort process when you deploy them. If you have modified any of these configurations, traffic drops or passes without further inspection during the restart depending on how the device handles traffic.

For more information, see Configurations that Restart the Snort Process When Deployed or Activated and Snort® Restart Traffic Behavior in the Firepower Management Center Configuration Guide, Version 6.2.0.

• For Firepower Threat Defense running on the ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X:

  Cisco_FTD_Upgrade-6.2.0-362.sh

• Product Compatibility in Version 6.2.0

• Update vs. Reimage vs. Deploy

• Important Update Notes

In most cases, deploying for the first time after you update the Firepower Management Center restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during this interruption or passes without further inspection depends on how the device handles traffic. For more information, see Snort® Restart Traffic Behavior in the Firepower Management Center Configuration Guide, Version 6.2.0..

• For 7000 and 8000 Series:

  Sourcefire_3D_Device_S3_Upgrade-6.2.0-362.sh

• For NGIPSv:

  Sourcefire_3D_Device_Virtual64_VMware_Upgrade-6.2.0-362.sh

• For ASA with FirePOWER Services running on the ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5585-X-SSP-10, ASA 5585-X-SSP-20, ASA 5585-X-SSP-40, and ASA 5585-X-SSP-60:

  Cisco_Network_Sensor_Upgrade-6.2.0-362.sh

If you are updating stacked 7000 and 8000 Series devices, choosing one member of the stack automatically chooses the other devices in the stack. You must update members of a stack together.

Click Deploy and choose all available devices, then click Deploy.

When you deploy for the first time after updating a device, resource demands may result in a small number of packets dropping without inspection. The deploy does not otherwise interrupt traffic inspection unless, since the previous deploy, you have modified specific policy or device configurations that always restart the Snort process when you deploy them. If you have modified any of these configurations, traffic drops or passes without further inspection during the restart depending on how the device handles traffic. For more information, see Configurations that Restart the Snort Process When Deployed or Activated and Snort® Restart Traffic Behavior in the Firepower Management Center Configuration Guide, Version 6.2.0.

• Product Compatibility in Version 6.2.0

• Update vs. Reimage vs. Deploy

• Important Update Notes

Cisco_Network_Sensor_Upgrade-6.2.0-362.sh

Tasks that are running when the update begins are stopped and cannot be resumed; you must manually delete them from the task queue after the update finishes. The task queue automatically refreshes every 10 seconds. You must wait until any long-running tasks are complete before you begin the update.

The update process begins. You can begin monitoring the update’s progress in the task queue.

Installing a VDB update causes a short pause in traffic flow and processing, and may also cause a few packets to pass uninspected. For more information, see the Cisco ASA with FirePOWER Services Local Management Configuration Guide.

Deploying may cause a short pause in traffic flow and processing, and may also cause a few packets to pass uninspected. For more information, see the Cisco ASA with FirePOWER Services Local Management Configuration Guide.