
Cisco Firepower 1010 Getting Started page 37


Getting Started
• Download Changes—To download the list of changes as a file, click More Options > Download as Text. You are prompted to save the file to your workstation. The file is in YAML format. You can view it in a text editor if you do not have an editor that specifically supports YAML format.

Configuration Changes that Restart Inspection Engines
Any of the following configurations or actions restart inspection engines when you deploy configuration changes.

Caution
When you deploy, resource demands may result in a small number of packets dropping without inspection. Additionally, deploying some configurations requires inspection engines to restart, which interrupts traffic inspection and drops traffic.

Deployment
Some changes require that inspection engines be restarted, which will result in momentary traffic loss. Following are the changes that require inspection engine restart:
• SSL decryption policy is enabled or disabled.
• The MTU changed on one or more physical interfaces (but not subinterfaces).
• You add or remove a file policy on an access control rule.
• The VDB was updated.
• Creating or breaking the high availability configuration.
In addition, some packets might be dropped during deployment if the Snort process is busy, with the total CPU utilization exceeding 60%. You can check the current CPU utilization for Snort using the show asp inspect-dp snort command.

System Database Updates
If you download an update to the Rules database or VDB, you must deploy the update for it to become active. This deployment might restart inspection engines. When you manually download an update, or schedule an update, you can indicate whether the system should automatically deploy changes after the download is complete. If you do not have the system automatically deploy the update, the update is applied the next time you deploy changes, at which time inspection engines might restart.

System Updates
Installing a system update or patch that does not reboot the system and includes a binary change requires inspection engines to restart. Binary changes can include changes to inspection engines, a preprocessor, the vulnerability database (VDB), or a shared object rule. Note also that a patch that does not include a binary change can sometimes require a Snort restart.
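
A pre-deployment check built from the restart triggers and the 60% Snort CPU threshold described on this page, as an added example that is not part of the Cisco guide. The change-type keys are hypothetical labels, the row layout of the show asp inspect-dp snort capture is an assumption, and the sample capture is constructed.

```python
import re

# Restart triggers from the "Deployment" list on this page.
# The short keys are hypothetical labels invented for this example.
RESTART_TRIGGERS = {
    "ssl_decryption_toggle": "SSL decryption policy enabled or disabled",
    "physical_mtu_change": "MTU changed on a physical interface",
    "file_policy_on_rule": "file policy added to or removed from an access control rule",
    "vdb_update": "VDB updated",
    "ha_create_or_break": "high availability created or broken",
}
CPU_LIMIT = 60  # percent; the busy-Snort threshold this page gives

# Assumed row layout: "<id> <pid> <tot>% (<usr>%| <sys>%) ..."
ROW = re.compile(r"^\s*(\d+)\s+\d+\s+(\d+)%\s*\(\s*\d+%\s*\|\s*\d+%\s*\)")
SUMMARY = re.compile(r"^\s*Summary\s+(\d+)%")

def snort_cpu(output):
    """Return ({instance_id: total_cpu_percent}, summary_percent_or_None)."""
    per_instance, summary = {}, None
    for line in output.splitlines():
        if m := ROW.match(line):
            per_instance[int(m.group(1))] = int(m.group(2))
        elif m := SUMMARY.match(line):
            summary = int(m.group(1))
    return per_instance, summary

def deploy_risks(output, pending):
    """List the reasons a deployment made now could interrupt inspection."""
    per_instance, summary = snort_cpu(output)
    if not per_instance:
        raise ValueError("no Snort instance rows found; check the capture")
    risks = [f"restart: {RESTART_TRIGGERS[p]}" for p in pending if p in RESTART_TRIGGERS]
    # Assumption: the Summary row is the total; else use the busiest instance.
    total = summary if summary is not None else max(per_instance.values())
    if total > CPU_LIMIT:
        risks.append(f"busy: Snort CPU {total}% exceeds {CPU_LIMIT}%")
    return risks

# Constructed sample capture, not output from a real device.
SAMPLE = """\
Id Pid       Cpu-Usage     Conns      Segs/Pkts  Status
-- ----- ---------------- ---------- ---------- ----------
 0 16450  71% (68%|  3%)   2.2 K      0          READY
 1 16453  58% (55%|  3%)   2.1 K      0          READY
Summary   64% (61%|  3%)   4.3 K      0
"""

if __name__ == "__main__":
    print(deploy_risks(SAMPLE, ["vdb_update", "new_access_rule"]))
```

An empty result means none of the listed restart triggers are pending and Snort is under the threshold; any entry is a reason to schedule the deployment for a maintenance window.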