I have cisco 5516x with firepower.
My firepower install at FMC version 5.4.1.
Below my question.
1. what is the best practice to update the rule ( System > Update > Rule Updates ) by weekly basis or monthly ?
2. Any impact during the rule update?
3. how rollback in case any issue.
If we upgrade from 5.4.1 to 6.2.2 , it will not effect the ASA traffic right ? ( currently set to monitor-only )
It require atleast 4 hour to upgrade to 6.2.2 ?
If your ASA Firepower service module is at 5.4.1 and being used in monitor-only mode, then an upgrade (or even uninstall) will not affect traffic through the ASA.
It it would be easier to de-register it from FMC, upgrade FMC to the current 6.2.3 release (that will take several hours by itself) and then re-image the module to 6.2.3, re-register it and re-deploy the policies.
You don't need console (ESXi) access to FMC to upgrade it. You do need to be able to transfer files you have downloaded from cisco.com onto a PC to the server via the web interface.
You do need console (ssh) access to the Firepower (sfr) service module to reimage it. If you upgraded it step-by-step instead you can do it all via the FMC but it will take most of an entire day (assuming it all goes well) vs. about 2 hours to reimage.
I really recommend you read the documentation on the above steps. It's all covered there - upgrading, re-imaging, registering, deploying policy etc. There are many good free presentations available on Cisco Live as well. You should understand the basics before logging into any production system and making significant changes.