Azure FTD - Patching Issue

Quintin.Mayo — Thu, 03 Sep 2020 16:39:35 GMT

Hi,

we applied the FTD update version 6.4.0.10-2 to patch the recent Cisco vulnerability and after it was done, I went back into the updates just to verify they were all applied. To our surprise, both FTD appliances, are still on version 6.4.0.9-62 even though when we applied .10-2 it shows it applied them correctly and it rebooted the appliance. I even went ahead and tried to apply it a second time to the Azure FTD, it seemed to be successful but it did not apply it. If we go back into the Updates and select Install for that patch, the 2 appliances still show as unpatched. I even SSH into the Azure FTD to confirm and it shows the previous version .9-62 as well. Currently ALL our sensors and FTDs are in version 6.4.0.9-62 but the FTDs are missing the security patch. We do not see any pre-requisite patch to apply and it is not complaining about missing anything during the install. Any assistance would be greatly appreciated.

Thanks,

Re: Azure FTD - Patching Issue

ida71 — Mon, 21 Sep 2020 12:51:54 GMT

I asked Cisco TAC this question re no indication of hotfix being applied, bith FMC & CLi "sho version" show 6.4.0.9 as the current version AFTER the hotfix is applied.

According to Cisco this is the correct behaviour ! Weird, as the hot fix has a version number. Their advice is to do the following to check status.

"Another way to check if hotfix is applied is from FTD CLI.

Log in to FTD cli , then gain root access by typing “sudo su”.
Navigate to the directory /ngfw/var/log/sf

cd /var/log/sf

Navigate to the hotfix directory and check the status.log file.

In below example, I’m checking the status.log file of patch 6.4.0.9, you can check the hotfix 6.4.0.10-2 directory via same procedure

root@firepower:/opt/cisco/csp/applications# cd /ngfw/var/log/sf/

root@firepower:/ngfw/var/log/sf# ls -la

total 260

drwxr-xr-x 4 root root 4096 Sep 20 04:02 .

drwxr-xr-x 13 root root 8192 Sep 21 04:02 ..

drwxr-xr-x 12 root root 4096 Jul 9 16:39 Cisco_FTD_SSP_Patch-6.4.0.9

-rw-r--r-- 1 www www 46 Jul 9 16:39 SW_update_info.txt

-rw-r--r-- 1 root root 17520 Sep 21 14:09 data_service.log

-rw-r--r-- 1 root root 5761 Sep 20 03:33 data_service.log.1.gz

-rw-r--r-- 1 root root 7744 Sep 14 03:41 data_service.log.2.gz

-rw-r--r-- 1 root root 5990 Sep 6 03:41 data_service.log.3.gz

-rw-r--r-- 1 root root 7539 Aug 31 03:49 data_service.log.4.gz

-rw-r--r-- 1 root root 508 Jul 9 16:37 db_manage.log

root@firepower:/ngfw/var/log/sf# cd Cisco_FTD_SSP_Patch-6.4.0.9/

root@firepower:/ngfw/var/log/sf/Cisco_FTD_SSP_Patch-6.4.0.9# cat status.log

from status.log file, you can confirm if the hotfix is applied."

Hope that helps.

topic Azure FTD - Patching Issue in Network Security

Azure FTD - Patching Issue

Re: Azure FTD - Patching Issue