About System Updates
You can use the FMC to upgrade the system software for itself and the devices it manages. You can also update various databases and feeds that provide advanced services.
For FMCs with internet access, the system can often obtain updates directly from Cisco. We recommend you schedule or enable automatic updates whenever possible. Some updates are auto-enabled by the initial setup process or when you enable the related feature. Other updates you must schedule yourself. After initial setup, we recommend you review all auto-updates and adjust them if necessary.
Component |
Description |
Details |
---|---|---|
Firepower software |
Major software releases contain new features, functionality, and enhancements. They may include infrastructure or architectural changes. Maintenance releases contain general bug and security related fixes. Behavior changes are rare, and are related to those fixes. Patches are on-demand updates limited to critical fixes with time urgency. Hotfixes can address specific customer issues. |
Direct Download: Select releases only, usually some time after the release is available for manual download. The length of the delay depends on release type, release adoption, and other factors. Schedule: Patches only, on . Uninstall: Patches only. Reimage: Major and maintenance releases only. |
Vulnerability database (VDB) |
The Cisco vulnerability database (VDB) is a database of known vulnerabilities to which hosts may be susceptible, as well as fingerprints for operating systems, clients, and applications. The system uses the VDB to help determine whether a particular host increases your risk of compromise. |
Direct Download: Yes. Schedule: Yes, on . Uninstall: No. |
Geolocation database (GeoDB) |
The Cisco geolocation database (GeoDB) is a database of geographical and connection-related data associated with routable IP addresses. |
Direct Download: Yes. Schedule: Yes, on . Uninstall: No. |
Intrusion rules (SRU/LSP) |
Intrusion rule updates provide new and updated intrusion rules and preprocessor rules, modified states for existing rules, and modified default intrusion policy settings. Rule updates may also delete rules, provide new rule categories and default variables, and modify default variable values. |
Direct Download: Yes. Schedule: Yes, on . Uninstall: No. |
Security Intelligence feeds |
Security Intelligence feeds are collections of IP addresses, domain names, and URLs that you can use to quickly filter traffic that matches an entry. |
Direct Download: Yes. Schedule: Yes, on . Uninstall: No. See: List and Feed Updates for Security Intelligence |
URL categories and reputations |
URL filtering allows you to control access to websites based on the URL’s general classification (category) and risk level (reputation). |
Direct Download: Yes. Schedule: Yes, on > Cloud Services or , depending on your requirements. Uninstall: No. See: Enable URL Filtering Using Category and Reputation |