Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2415
Views
10
Helpful
3
Replies

Basic questions about Sourcefire

admins0011111
Level 1
Level 1

‎09-22-2015 12:56 AM - edited ‎03-12-2019 05:46 AM

Hi, can anybody help me please?

I have Cisco ASA 5516-X. It is connected to Virtual Defense Center.

How there is an updating through VDC? In System-Updates I see many different updates, such as: Sourcefire Vulnerability And Fingerprint Database Updates, Sourcefire 3D Defense Center S3 Patch, Cisco Network Sensor Patch

1) How to understand what it is necessary to setup?

2) Cisco Network Sensor Patch is it for Cisco ASA? I have two Cisco ASA in failover how it will behave if both modules will start rebooting?

3) On the Rule Updates page, configuration of updating of signatures for Cisco ASA or for VDC?

 

 

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-22-2015 07:50 AM

For the VDB updates you can set them to automatically download and reapply your policies to your managed devices afterwards. (or automatically download to FireSIGHT Management Center only or not download automatically at all).

For the device and sensor updates, you should check the release notes for the respective packages. they will tell you applicability in addition to allowing you to make and informed decision about upgrading or not.

If you try to update a target device with an incompatible package, FireSIGHT Management Center will tell you it's incompatible and prevent the operation.

When updating your devices in an HA pair, it is generally best to update the standby unit first and, after validating success, then failover to it as active and then upgrade the other unit. If both sensors (FirePOWER modules) are offline, you may or may not have connectivity through the firewall - depending on whether your service-policy is set to fail-open or fail-closed.

0 Helpful

Skellington2010
Level 1
Level 1
In response to Marvin Rhoads

‎03-09-2016 02:39 PM

Hello, 

I'm new to DCenter. 

Couple questions...sourcefire updates

AvailableSourceFireUpdatesIs it good practice to setup Recurring Rule Update Imports?

Does:

Cisco Network Sensor Patch = sensor update?

Sourcefire 3D Defensse Center S3 Patch = device update?

Just to verify... Installing a device or sensor patch that indicates reboot, will stop all traffic unless the service policy is set to fail-open?

Sourcefire Vulnerability And Fingerprint Database Updates 264 Tue Mar 1 22:24:02 UTC 2016 No
Sourcefire Vulnerability And Fingerprint Database Updates 261 Mon Jan 25 16:59:59 UTC 2016 No
Sourcefire 3D Defense Center S3 Patch 5.4.1.5-33 Fri Jan 8 23:15:58 UTC 2016 Yes
Sourcefire 3D Defense Center S3 Patch 5.4.1.4-24 Tue Nov 24 18:52:45 UTC 2015 Yes
Cisco Network Sensor Patch 5.4.0.6-33 Fri Jan 8 23:27:46 UTC 2016 Yes
Cisco Network Sensor Patch 5.4.0.5-24 Tue Nov 24 18:58:24 UTC 2015

Preview file
60 KB
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Skellington2010

‎03-09-2016 08:46 PM

Recurring Rule Update Imports - with reapply policy after import - is a recommended practice.

Cisco Network Sensor Patch = update of the software running on the ASA FirePOWER module

Sourcefire 3D Defense Center S3 Patch = update of Defense Center itself (old name - it's FirePOWER Management Center as of 6.0)

Installing a device or sensor patch that indicates reboot, will stop all traffic unless the service policy is set to fail-open - That is correct.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card