Step 1 |
If you want to update Firepower Management Centers in a high availability pair, see Update Sequence for Firepower Management Centers in High Availability.
|
Step 2 |
Update to the minimum version as described in Update Paths to Version 6.2.0.
|
Step 3 |
Read these release notes and complete any preupdate tasks. For more information, see the following sections:
|
Step 4 |
Download the update from the Support site:
- For Firepower Management Center
(MC750, MC1500, MC2000, MC3500, MC4000)
and Firepower Management Center
Virtual:
Sourcefire_3D_Defense_Center_S3_Upgrade-6.2.0-367.sh
-
For Firepower Management Center (MC1000, MC2500, MC4500) :
Sourcefire_Defense_Center_M4_Upgrade-6.2.0-362.sh
Note
|
Download the update package directly from the Support site. If you transfer an update file by email, it may become corrupted.
|
|
Step 5 |
Upload the update to the Firepower Management Center by choosing , then clicking Upload Update on the Product Updates tab. Browse to the update and click Upload.
The update is uploaded to the Firepower Management Center. The web interface shows the type of update you uploaded, its version number, and the date and time it was generated.
|
Step 6 |
Redeploy configuration changes to any managed devices. Otherwise, the eventual update of the managed devices may fail.
When you deploy before updating the Firepower Management Center, resource demands may result in a small number of packets dropping without inspection. Additionally, deploying some configurations
restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during this interruption or passes
without further inspection depends on how the device handles traffic. For more information, see Configurations that Restart the Snort Process When Deployed or Activated and Snort® Restart Traffic Behavior in the Firepower Management Center Configuration Guide, Version 6.2.0.
|
Step 7 |
(Optional) Run a readiness check on the Firepower Management Center as described in Run a Readiness Check through the Shell and Run a Readiness Check through the Firepower Management Center Web Interface.
Caution
|
If you encounter issues with the readiness check that you cannot resolve, do not begin the update. Instead, contact Cisco
TAC.
|
|
Step 8 |
Make sure that the appliances in your deployment are successfully communicating and that there are no issues reported by the
health monitor.
|
Step 9 |
Click the System Status icon and view the Tasks tab in the Message Center to make sure that there are no tasks in progress.
You must wait until any long-running tasks are complete before you begin the update. Tasks that are running when the update begins
are stopped, become failed tasks, and cannot be resumed; you must manually delete them from the Tasks tab after the update
finishes.
|
Step 10 |
On the window, click the install icon next to the update you are installing.
|
Step 11 |
Choose the Firepower Management Center and click Install. Confirm that you want to install the update and reboot the Firepower Management Center.
The update process begins. You can begin monitoring the update’s progress in the Tasks tab of the Message Center. However, after the Firepower Management Center finishes its necessary pre-update checks, you are logged out. When you log back in, the Upgrade Status page appears. The
Upgrade Status window displays a progress bar and provides details about the script currently running. Click show log for current script to see the update log.
If the update fails for any reason, the page displays an error message indicating the time and date of the failure, which
script was running when the update failed, and instructions on how to contact Cisco TAC. Do not restart the update.
Caution
|
If you encounter any other issue with the update (for example, if a manual refresh of the Update Status page shows no progress
for several minutes), do not restart the update. Instead, contact Cisco TAC.
|
When the update finishes, the Firepower Management Center displays a success message and reboots.
|
Step 12 |
After the update finishes, clear your browser cache and relaunch the browser. Otherwise, the user interface may exhibit unexpected
behavior.
|
Step 13 |
Log into the Firepower Management Center.
|
Step 14 |
If prompted, review and accept the End User License Agreement (EULA). Note that you are logged out of the appliance if you do not accept the EULA.
|
Step 15 |
Choose and confirm that the software version is listed correctly: Version 6.2.0. Also note the versions of the intrusion rule update and VDB on the Firepower Management Center; you will need this information later.
|
Step 16 |
Verify that the appliances in your deployment are successfully communicating and that there are no issues reported by the
health monitor.
|
Step 17 |
If the intrusion rule update available on the Support site is newer than the rule set on your Firepower Management Center, import the newer rule set. Do not autoapply the imported rules when working with Version 6.2.0.
|
Step 18 |
If the VDB available on the Support site is newer than the VDB installed during the update, install the latest VDB. Do not autodeploy VDB updates when working with
Version 6.2.0.
Installing a VDB update restarts the Snort process when you deploy configuration changes, temporarily interrupting traffic
inspection. Whether traffic drops during this interruption or passes without further inspection depends how the managed device
handles traffic. For more information, see the Firepower Management Center Configuration Guide.
|
Step 19 |
Redeploy policies to all managed devices.
Click Deploy and choose all available devices, then click Deploy.
Note
|
You must redeploy configuration changes before updating any managed devices or you may have to reimage your appliances.
|
In most cases, deploying for the first time after you update the Firepower Management Center restarts the Snort process, which interrupts traffic inspection. Whether traffic drops during this interruption or passes
without further inspection depends on how the device handles traffic. For more information, see Snort® Restart Traffic Behavior in the Firepower Management Center Configuration Guide.
|
Step 20 |
If a later patch is available on the Support site, update to the latest patch as described in the Firepower Release Notes roadmap for that version. You must update to the latest patch to take advantage of product enhancements and security fixes.
|
Step 21 |
If you updated Firepower Management Centers in a high availability pair, see Update Sequence for Firepower Management Centers in High Availability
|