About System Updates

Use the management center to upgrade the system software for the devices it manages. You can also update various databases and feeds that provide advanced services.

The system can obtain most updates from the internet. We recommend you schedule or enable automatic content updates whenever possible. Some updates are auto-enabled by the initial setup process or when you enable the related feature. Other updates you must schedule yourself. After initial setup, we recommend you review all auto-updates and adjust them if necessary.

Upgrades and Updates

Component

Description

Details

System software

Major software releases contain new features, functionality, and enhancements. They may include infrastructure or architectural changes.

Maintenance releases contain general bug and security related fixes. Behavior changes are rare, and are related to those fixes.

Patches are on-demand updates limited to critical fixes with time urgency.

Hotfixes can address specific customer issues.

Direct Download:You can access Upgrade Packages Management page from System > Product Upgrades. You can directly download all upgrade packages (major releases, maintenance releases, patches etc.) that apply to your devices. You will need to manually upload hotfixes.

Schedule Install: Patches and maintenance releases only, as a scheduled task.

Uninstall: Patches only.

Revert: Major and maintenance releases only.

Reimage: Major and maintenance releases only.

See: Cisco Secure Firewall Threat Defense Upgrade Guide for Cloud-Delivered Firewall Management Center

Vulnerability database (VDB)

The Cisco vulnerability database (VDB) is a database of known vulnerabilities to which hosts may be susceptible, as well as fingerprints for operating systems, clients, and applications. The system uses the VDB to help determine whether a particular host increases your risk of compromise.

Direct Download: Yes.

Schedule: Yes, as a scheduled task.

Uninstall: Starting with VDB 357, you can install any VDB as far back as the baseline VDB for the management center.

See: Update the Vulnerability Database (VDB)

Geolocation database (GeoDB)

The Cisco geolocation database (GeoDB) maps IP addresses to countries/continents.

Direct Download: Yes.

Schedule: Yes, from its own update page

Uninstall: No.

See: Update the Geolocation Database (GeoDB)

Intrusion rules (SRU/LSP)

Intrusion rule updates provide new and updated intrusion rules and preprocessor rules, modified states for existing rules, and modified default intrusion policy settings.

Rule updates may also delete rules, provide new rule categories and default variables, and modify default variable values.

Direct Download: Yes.

Schedule: Yes, from its own update page.

Uninstall: No.

See: Update Intrusion Rules

Security Intelligence feeds

Security Intelligence feeds are collections of IP addresses, domain names, and URLs that you can use to quickly filter traffic that matches an entry.

Direct Download: Yes.

Schedule: Yes, from the object manager.

Uninstall: No.

See: List and Feed Updates for Security Intelligence

URL categories and reputations

URL filtering allows you to control access to websites based on the URL’s general classification (category) and risk level (reputation).

Direct Download: Yes.

Schedule: Yes, when you configure integrations/cloud services, or as a scheduled task.

Uninstall: No.

See: Enable URL Filtering Using Category and Reputation