https://community.cisco.com/t5/network-security/reimage-question/m-p/4320804#M1079948 <P>You seem to be asking about the ASA Firepower service module (not FTD).</P> <P>When you reimage a Firepower service module, all configuration from the old module is lost. It cannot be migrated per se. If it was being managed by a Firepower Management Center, the Access Control Policy (and all other associated policies) can be reapplied to the newly imaged module.</P> <P>You will have to re-do the bootstrap configuration of the module in either case (IP address, gateway, etc.).</P> <P>If the class-map entry for sfr is fail-open then there will be no service impact when reimaging (other than loss of IPS services of course).</P> Fri, 09 Apr 2021 04:15:45 GMT Marvin Rhoads 2021-04-09T04:15:45Z https://community.cisco.com/t5/network-security/reimage-question/m-p/4320338#M1079935 <P>Hi,</P><P>&nbsp;</P><P>I have some question regarding reimage FTD. We have a model Cisco 5545. The current version is 5.4.0-764 and plans to upgrade to 6.6.1. The question is can we use the backup current version after reimaging to 6.6.1? Since the path is very long, we try to consider reimage the FTD.</P><P>&nbsp;</P><P>Another question, can we configure bypass mode to prevent interruption during upgrade/reimage? Meaning that to apply fail-open, I guess the term.</P> Thu, 08 Apr 2021 06:32:18 GMT https://community.cisco.com/t5/network-security/reimage-question/m-p/4320338#M1079935 m.azlan 2021-04-08T06:32:18Z https://community.cisco.com/t5/network-security/reimage-question/m-p/4320804#M1079948 <P>You seem to be asking about the ASA Firepower service module (not FTD).</P> <P>When you reimage a Firepower service module, all configuration from the old module is lost. It cannot be migrated per se. If it was being managed by a Firepower Management Center, the Access Control Policy (and all other associated policies) can be reapplied to the newly imaged module.</P> <P>You will have to re-do the bootstrap configuration of the module in either case (IP address, gateway, etc.).</P> <P>If the class-map entry for sfr is fail-open then there will be no service impact when reimaging (other than loss of IPS services of course).</P> Fri, 09 Apr 2021 04:15:45 GMT https://community.cisco.com/t5/network-security/reimage-question/m-p/4320804#M1079948 Marvin Rhoads 2021-04-09T04:15:45Z https://community.cisco.com/t5/network-security/reimage-question/m-p/4320871#M1079953 <P>Hi Marvin,</P><P>&nbsp;</P><P>Thank you for your reply. May I know if reimage, meaning that, we just need to configure the IP, gateway, etc and then establish a connection between FMC and FTD after that push the configuration (policy, etc) from FMC? it should be work right? no need to configure all the configuration right?</P><P>&nbsp;</P><P><SPAN>class-map entry for sfr is fail-open, may I know which guide to refer to this one? we need to configure before perform the upgrade.</SPAN></P> Fri, 09 Apr 2021 08:17:50 GMT https://community.cisco.com/t5/network-security/reimage-question/m-p/4320871#M1079953 m.azlan 2021-04-09T08:17:50Z https://community.cisco.com/t5/network-security/reimage-question/m-p/4321039#M1079970 <P>m.azlan - that's correct.</P> <P>Step 7 in the following document sets the fail-open or fail-close action using ASDM:</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html#pgfId-150498" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html#pgfId-150498</A></P> <P>More details on the actual cli command:</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/S/asa-command-ref-S/sa-shov-commands.html#wp3900250880" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/S/asa-command-ref-S/sa-shov-commands.html#wp3900250880</A></P> Fri, 09 Apr 2021 14:24:19 GMT https://community.cisco.com/t5/network-security/reimage-question/m-p/4321039#M1079970 Marvin Rhoads 2021-04-09T14:24:19Z https://community.cisco.com/t5/network-security/reimage-question/m-p/5269929#M1119991 <P>Hi, m.azlan. Please take a look at&nbsp;<A href="https://youtu.be/uYJRLAcG0vY" target="_blank">https://youtu.be/uYJRLAcG0vY</A>&nbsp;for more information.&nbsp;</P> Tue, 11 Mar 2025 11:50:40 GMT https://community.cisco.com/t5/network-security/reimage-question/m-p/5269929#M1119991 ajmn 2025-03-11T11:50:40Z