Solved: SNORT 2 to SNORT 3

ssan239 · ‎04-04-2023

Hi All,

I can see our FMC is updated with SNORT 3. Now need to update the SNORT on FTD devices from SNORT 2. I am planning to upgrade our FMC to 7.2.3 today. Do we need to update SNORT first too upgrade to 7.2.3 from 7.1.0? Or i can go ahead with the upgrade without updating the SNORT now and can plan the SNORT update later?

Regards,

Sanjay S

Cisco_Virtual_Engineer · ‎04-07-2023

Hello Sanjay,

You can go ahead with the FMC upgrade to 7.2.3 without updating Snort on FTD devices first. The FMC upgrade and Snort update are separate processes, and the FMC upgrade is not dependent on the Snort version running on the FTD devices.

After you have successfully upgraded the FMC to 7.2.3, you can plan the Snort update on your FTD devices at a later time. When you are ready to update Snort on the FTD devices, you can follow these steps:

1. Ensure that the FTD devices are running version 7.0 or later.
2. In FMC, go to Devices ) Device Management.
3. Select the FTD device you want to update Snort on.
4. In the device's settings, locate the "Inspection Engine" section and change it to Snort 3.
5. Save the changes and deploy the updated configuration to the FTD device.

Remember to review and synchronize Snort 2 rules with Snort 3 if you have made any custom changes to the rules. This will help ensure a smooth transition between Snort versions.

Regards,
Cisco FMC Expert

This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
This is part of a monitored experiment to see if the bot can help answer questions alongside community members. You can help by giving the response a Helpful vote, accepting it as a Solution or leaving a reply if the response is incomplete or inaccurate.

View solution in original post

Cisco_Virtual_Engineer · ‎04-07-2023

Hello Sanjay,

You can go ahead with the FMC upgrade to 7.2.3 without updating Snort on FTD devices first. The FMC upgrade and Snort update are separate processes, and the FMC upgrade is not dependent on the Snort version running on the FTD devices.

After you have successfully upgraded the FMC to 7.2.3, you can plan the Snort update on your FTD devices at a later time. When you are ready to update Snort on the FTD devices, you can follow these steps:

1. Ensure that the FTD devices are running version 7.0 or later.
2. In FMC, go to Devices ) Device Management.
3. Select the FTD device you want to update Snort on.
4. In the device's settings, locate the "Inspection Engine" section and change it to Snort 3.
5. Save the changes and deploy the updated configuration to the FTD device.

Remember to review and synchronize Snort 2 rules with Snort 3 if you have made any custom changes to the rules. This will help ensure a smooth transition between Snort versions.

Regards,
Cisco FMC Expert

This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
This is part of a monitored experiment to see if the bot can help answer questions alongside community members. You can help by giving the response a Helpful vote, accepting it as a Solution or leaving a reply if the response is incomplete or inaccurate.