My problem with this ASA update occurs whenever I’m re-imaging the ASA with FirePOWER 5.4.1. I don’t know what I have done but right now the FirePOWER updates are working. Below is the list of things I have done and probably one of those tasks allowed the FirePOWER (on-box) to update.

1. Manually updated FirePOWER 5.4.1 to FirePOWER 5.4.1.5 (the update still didn’t work)
2. Manually updated to FirePOWER 5.4.1.6 (FirePOWER 5.4.1.7 and 8 would not upload. Whenever I try to update FirePOWER with a file over 2+ GB file I’m getting “Gateway” proxy error)
3. Updated /etc/resolv.conf with dns
4. After 2 days the FirePOWER module updated itself.

So based on the above I have no idea what made the ASA FirePOWER (on-box) to update.

Hi,

I had the same issue messages like "Error Download updates failed: Unable to connect to update server"

I did the activation through wizard asdm and that way it did not send dns information for SourceFire module (Not requested either). Also NTP server was not updating neither (using default ntp: sourcefire.pool.ntp.org), checking on Configuration > ASA FirePOWER Configuration > Local > Configuration > Time.

I had to do the following command:

configure network dns servers 8.8.8.8,8.8.4.4

But it still did not work. 

The solution was reloading the ASA 5506-X and the issue was resolved.

Another workaround could be restarting the nscd service through expert commands, but I did not have a chance to test it.

ASA-5506-X# session sfr console
Opening console session with module sfr.
Connected to module sfr. Escape character sequence is 'CTRL-^X'.

> expert

admin@SourceFire3d:~$ sudo /etc/rc.d/init.d/nscd restart

Password:{Enter Your Password}

Stopping nscd...                                                     [  OK  ]

Starting nscd...                                                       [  OK  ]

admin@SourceFire3d:~$

> system support ping google.com
PING google.com (216.58.222.206) 56(84) bytes of data.
64 bytes from bog02s05-in-f14.1e100.net (216.58.222.206): icmp_req=1 ttl=57 time=26.0 ms
64 bytes from bog02s05-in-f14.1e100.net (216.58.222.206): icmp_req=2 ttl=57 time=21.6 ms
64 bytes from bog02s05-in-f14.1e100.net (216.58.222.206): icmp_req=3 ttl=57 time=21.5 ms
64 bytes from bog02s05-in-f14.1e100.net (216.58.222.206): icmp_req=4 ttl=57 time=21.4 ms
64 bytes from bog02s05-in-f14.1e100.net (216.58.222.206): icmp_req=5 ttl=57 time=21.2 ms
64 bytes from bog02s05-in-f14.1e100.net (216.58.222.206): icmp_req=6 ttl=57 time=20.8 ms

When I tried to update, I couldn't access to Firepower for a while through ASDM (a few hours), downloading information from 54.221.211.1:443. It downloaded almost 3GB.

I tried updating dns and below and DNS reolution started working.

admin@SourceFire3d:~$ sudo /etc/rc.d/init.d/nscd restart