Re: upgrade FTD managed by FMC CLI

Ib_Reda · ‎10-22-2023

Dears

I have 2 FTDs managed by 2FMCs, FMC has been upgraded, We need to upgrade the 2 FTDs but one by one through CLI as per management request.

I uploaded the image on FXOS and FTDs how can I upgrade them through CLI one by one?

there is CLI guide?

Also, is the below sequence is right?

1- Upgrade FXOS1 and FXOS2 -----> if successfully.

2-Upgrade FTD standby then failover.

3-Upgrade FTD old active then failover again.

betliu · ‎11-09-2023

Yes, the upgrade sequence by CLI that you said above is correct.

I don't know what your target version is, please refer to Documentation Center with choosing your target version.

Upgrade FXOS by CLI:

Upgrade FTD: (Below is an example to upgrade FTD HA pair from CLI from 6.6.1 to 6.6.5, for your reference)

normally after pushing the upgrade file from FMC to FTD, it is stored in /ngfw/var/sf/updates.

We can apply the next steps:

> > Access Standby FTD via SSH and go to root mode.

> expert

$ sudo su

> > Look for update file 'Cisco_FTD_SSP_FP1K_Upgrade-6.6.5-81.sh.REL.tar'

ls -l /ngfw/var/sf/updates/ | grep 6.6.5

> > If file is there, start upgrade.

# install_update.pl --detach /ngfw/var/sf/updates/Cisco_FTD_SSP_FP1K_Upgrade-6.6.5-81.sh.REL.tar

> >Monitor upgrade.

# tail -f /ngfw/var/log/sf/Cisco_FTD_SSP_FP1K_Upgrade-6.6.5/status.log // Ctrl+C to stop

> >When upgrade completes and Standby FTD is up, failover manually.

# lina_cli

# failover active

> > Connect to the remaining unit and follow the same steps.

**

It is not needed to break FTD HA, just failover manually