Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1437
Views
0
Helpful
5
Replies

Upgrading Cisco ASA 5508-X from 6.2.3.9 to 6.6.0

FJ1986
Level 1
Level 1

‎02-06-2023 06:32 AM

Looking to upgrade the FTD OS on a Cisco ASA 6.2.3 to a 6.6.0 or higher. IS there a step by step process to follow. these ASA are managed through FMC. The guide mentions to upgrade the firmware on the FMC before upgrading the firmware on Cisco ASA's where Firepower module is managed through FMC and very briefly mentions this as below: 

ASA clusters and failover pairs: To avoid interruptions in traffic flow and inspection, fully upgrade these devices one at a time. If you are also upgrading ASA, upgrade the ASA FirePOWER module just before you reload each unit to upgrade ASA.

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/firepower-fmc.html#id_53910

I am specifically interested in upgrading the Cisco ASA FTD OS only on a 5508-X firewall after upgrading the FMC

Labels:
0 Helpful
5 Replies 5

balaji.bandi
Hall of Fame
Hall of Fame

‎02-06-2023 09:28 AM

Look at the Matrix :

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html

if you looking to upgrade only SFR, check the matrix code of ASA  first, if the ASA is compatable.

check the MFC matrix, Upgrade FMC first and then SFR as suggested.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

FJ1986
Level 1
Level 1
In response to balaji.bandi

‎02-06-2023 09:40 AM

hi balaji, 

thanks for your input. Basically the link shared talks about CISCO ASA 9.xx version. In my case it is different it is a Cisco ASA 5508-X on a 6.2.3 FTD firmware managed by FMCv. As per compatibility matrix i can go from 6.2.3 to 6.6.0 or higher directly. I was hoping it was a straightforward process i.e. to upload the firmware create backup and restore point on the FMCv for both FMCv and ASA and be done.  

Preview file
32 KB
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to FJ1986

‎02-06-2023 04:35 PM

i may have wrongly understood the requirements, (when you mentioned ASA managed by FMC, then I was in impress SFR Module)

You have ASA kit running FTD on top of it - check below as per the release note you can direct upgrade.

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/relnotes/firepower-release-notes-660/upgrade.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

FJ1986
Level 1
Level 1
In response to balaji.bandi

‎02-08-2023 06:43 AM

So If I understand correctly, can we follow the upgrade procedure defined for Firepower device managed via FMC since not a clearly defined procedure exist where ASA is running FTD OS? 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/213269-upgrade-procedure-through-fmc-for-firepo.html

Below is the compatibility matrix for Cisco ASA with FTD OS

6.2.3

Last ASA FirePOWER support for ASA 5506-X series and ASA 5512-X.

Any of:

→ 6.6.0 or any 6.6.x maintenance release

→ 6.5.0

→ 6.4.0

→ 6.3.0

 

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to FJ1986

‎02-09-2023 02:13 PM

sure as i mentioned you can upgrade to the desired version.

first we expect FMC to be higher version, then upgrade FTD

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents