Understanding Update Types
License: Any
Cisco electronically distributes several different types of updates, including major and minor updates to the ASA FirePOWER module software itself, as well as intrusion rule updates and VDB updates.
The following table describes the types of updates provided by Cisco. For most update types, you can schedule their download and installation; see Scheduling Tasks and Using Recurring Rule Updates.
Update Type |
Description |
Schedule? |
Uninstall? |
---|---|---|---|
patches |
Patches include a limited range of fixes (and usually change the fourth digit in the version number; for example, 5.4.0.1). |
yes |
yes |
feature updates |
Feature updates are more comprehensive than patches and generally include new features (and usually change the third digit in the version number; for example, 5.4.1). |
yes |
yes |
major updates (major and minor version releases) |
Major updates, sometimes referred to as upgrades, include new features and functionality and may entail large-scale changes (and usually change the first or second digit in the version number; for example, 5.3 or 5.4). |
no |
no |
VDB |
VDB updates affect the database of known vulnerabilities to which hosts may be susceptible. |
yes |
no |
intrusion rules |
Intrusion rule updates provide new and updated intrusion rules and preprocessor rules, modified states for existing rules, and modified default intrusion policy settings. Rule updates may also delete rules, provide new rule categories and default variables, and modify default variable values. |
yes |
no |
geolocation database (GeoDB) |
GeoDB updates provide updated information on physical locations, connection types, and so on that your system can associate with detected routable IP addresses. You can use geolocation data as a condition in access control rules. You must install the GeoDB to view geolocation details. |
yes |
no |
Note that while you can uninstall patches and other minor updates, you cannot uninstall major updates or return to previous versions of the VDB, GeoDB, or intrusion rules. If you updated to a new major version and you need to revert to an older version, contact Cisco TAC.