Manually Update the VDB

Use this procedure to manually update the VDB. Starting with VDB 357, you can install any VDB as far back as the baseline VDB for the management center.

Caution

Do not perform tasks related to mapped vulnerabilities while the VDB is updating. Even if the Message Center shows no progress for several minutes or indicates that the update has failed, do not restart the update. Instead, contact Cisco TAC.

In most cases, the first deploy after a VDB update restarts the Snort process, interrupting traffic inspection. The system warns you when this will happen (updated application detectors and operating system fingerprints require a restart; vulnerability information does not). Whether traffic drops or passes without further inspection during this interruption depends on how the targeted device handles traffic. For more information, see Snort Restart Traffic Behavior.

Before you begin

If the management center cannot access the Cisco Support & Download site, get the update yourself: Software Download https://www.cisco.com/go/firepower-software. Choose any management center model, then browse to the Coverage and Content Updates page.

Procedure

Step 1

Choose System (system gear icon) > Content Updates > VDB Updates.

Step 2

Choose how you want to get the VDB onto the management center.

  • Direct download: Click the Download Updates button.

  • Manual upload: Click Upload Update, then Choose File and browse to the VDB. After you choose the file, click Upload.

Step 3

Install the VDB.

  1. Next to the Vulnerability and Fingerprint Database update you want to install, click either the Install icon (for a newer VDB) or the Rollback icon (for an older VDB).

  2. Choose the management center.

  3. Click Install.

Monitor update progress in the Message Center. After the update completes, the system uses the new vulnerability information. However, you must deploy before updated application detectors and operating system fingerprints can take effect.

Step 4

Verify update success.

The VDB update page shows the current version.

What to do next

  • Deploy configuration changes.

  • If you based configurations on vulnerabilities, application detectors, or fingerprints that are no longer available, examine those configurations to make sure you are handling traffic as expected. Also, keep in mind a scheduled task to update the VDB can undo a rollback. To avoid this, change the scheduled task or delete any newer VDB packages.