Solved: FMC VDB Update

Thomas Yarger · ‎01-09-2018

Hi All,

I have a customer on a very OLD Vulnerability DB version and I'm a bit leery about updating as the customer is very sensitive to outages and demands perfection with any change/update. Are there any gotcha's or caveats I should be aware of before I update the DB? Thanks!

Marvin Rhoads · ‎01-09-2018

You definitely want a change control window with scheduled outage.

A VDB update restarts Snort when deployed:

https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/policy_management.html

So you will have a few seconds on unavailability for the IPS. Depending on the architecture (fail open etc.), that may result in a brief loss of service.

Other than that it should be fine. You can always open a proactive TAC case to be doubly sure.

View solution in original post

Marvin Rhoads · ‎01-09-2018

You definitely want a change control window with scheduled outage.

A VDB update restarts Snort when deployed:

https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/policy_management.html

So you will have a few seconds on unavailability for the IPS. Depending on the architecture (fail open etc.), that may result in a brief loss of service.

Other than that it should be fine. You can always open a proactive TAC case to be doubly sure.

Thomas Yarger · ‎01-10-2018

Thanks Marvin!

gjames-lic · ‎06-10-2019

How did you go with this? Mission success?

Any pre reqs for Snort version etc.

Thanks

Adam