Introduction
This document describes how to upgrade from Snort 2 and Snort 3 version in Firepower Manager Center (FMC).
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Firepower Threat Defense
- Firepower Management Center
- Snort
Components Used
The information in this document is based on these software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
The Snort 3 feature was added in the 6.7 release for Firepower Device Manager (FDM) and Cisco Defense Orchestrator (CDO); in the 7.0 release for the Firepower Management Center (FMC).
Snort 3.0 was designed to address these challenges:
- Reduce memory and CPU usage.
- Improve HTTP inspection efficacy.
- Faster configuration loading and Snort restart.
- Better programmability for faster feature addition.
Configure
Upgrade the Snort Version
Method 1
- Log into Firepower Management Center.
![Log into Firepower Management Center Method 1](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-00.png)
2. On the Device tab navigate to Devices > Device Manager.
![Navigate to the Device Menu](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-01.png)
3. Select the device that you want to change the Snort version.
![Select the Device](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-02.png)
4. Click the Device tab and click the Upgrade button on the Inspection Engine Section.
![Click Upgrade to Snort 3](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-03.png)
5. Confirm your selection.
![Confirm your Selection](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-04.png)
Method 2
- Log into Firepower Management Center.
![Log into Firepower Management Center Method 1](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-05.png)
2. On the Device tab navigate to Devices > Device Manager.
![Navigate to the Device Menu](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-06.png)
3. Select the device that you want to change the Snort version.
![Select the Device](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-07.png)
4. Click on the Select Action button and select Upgrade to Snort 3.
![Select Action](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-08.png)
Upgrade of Intrusion Rules
Additionally, you need to convert your Snort 2 rules into Snort 3 rules.
- Select from the menu Objects > Intrusion Rules.
![Convert Intrusion Rules](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-09.png)
2.Select from the menu Snort 2 All Rules tab > Group Rules By > Local Rules.
![Select Local Rules](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-10.png)
3. Click Snort 3 All Rules tab and make sure that All Rules is selected.
![Click Snort 3 Rules](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-11.png)
4.On the Task drop down menu, select Convert and import.
![Select Convert and Import](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-12.png)
5. Click OK on the warning message.
![Click OK](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-13.png)
Verify
The Inspection Engine section shows that the current version of Snort is Snort 3.
![Verify Snort 3 Conversion](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-14.png)
The rule conversion was successful once you see this message:
![Verify Rule Conversion](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-15.png)
Finally, you must find on the Local Rules group the All Snort 2 Converted Global section, which contains all your Snort 2 to Snort 3 converted rules.
![Verify Local Rules](/c/dam/en/us/support/docs/security/secure-firewall-management-center/221966-upgrade-from-snort-2-to-snort-3-via-fmc-16.png)
Troubleshooting
In case the migration fails or crashes, rollback to Snort 2 and try again.
Related Information