About System Updates
Use the management center to upgrade the system software for itself and the devices it manages. You can also update various databases and feeds that provide advanced services.
If the management center has internet access, the system can often obtain updates directly from Cisco. We recommend you schedule or enable automatic content updates whenever possible. Some updates are auto-enabled by the initial setup process or when you enable the related feature. Other updates you must schedule yourself. After initial setup, we recommend you review all auto-updates and adjust them if necessary.
Component |
Description |
Details |
---|---|---|
System software |
Major software releases contain new features, functionality, and enhancements. They may include infrastructure or architectural changes. Maintenance releases contain general bug and security related fixes. Behavior changes are rare, and are related to those fixes. Patches are on-demand updates limited to critical fixes with time urgency. Hotfixes can address specific customer issues. |
Direct Download: Yes, except hotfixes. You can schedule patch downloads. Schedule Install: Patches and maintenance releases only, as a scheduled task. Uninstall: Patches only. Revert: Major and maintenance releases for threat defense only. Revert is not supported for the management center. Reimage: Major and maintenance releases only. See: Cisco Secure Firewall Threat Defense Upgrade Guide for Management Center |
Vulnerability database (VDB) |
The Cisco vulnerability database (VDB) is a database of known vulnerabilities to which hosts may be susceptible, as well as fingerprints for operating systems, clients, and applications. The system uses the VDB to help determine whether a particular host increases your risk of compromise. |
Direct Download: Yes. Schedule: Yes, as a scheduled task. Uninstall: Starting with VDB 357, you can install any VDB as far back as the baseline VDB for the management center. |
Geolocation database (GeoDB) |
The Cisco geolocation database (GeoDB) maps IP addresses to countries/continents. |
Direct Download: Yes. Schedule: Yes, from its own update page Uninstall: No. |
Intrusion rules (SRU/LSP) |
Intrusion rule updates provide new and updated intrusion rules and preprocessor rules, modified states for existing rules, and modified default intrusion policy settings. Rule updates may also delete rules, provide new rule categories and default variables, and modify default variable values. |
Direct Download: Yes. Schedule: Yes, from its own update page. Uninstall: No. |
Security Intelligence feeds |
Security Intelligence feeds are collections of IP addresses, domain names, and URLs that you can use to quickly filter traffic that matches an entry. |
Direct Download: Yes. Schedule: Yes, from the object manager. Uninstall: No. See: Cisco Secure Firewall Management Center Device Configuration Guide |
URL categories and reputations |
URL filtering allows you to control access to websites based on the URL’s general classification (category) and risk level (reputation). |
Direct Download: Yes. Schedule: Yes, when you configure integrations/cloud services, or as a scheduled task. Uninstall: No. See: Cisco Secure Firewall Management Center Device Configuration Guide |