Hello Guys. Yesterday I have upgraded Firesight and ASA5555 to version 6 at our customer site. FireSight upgrade was easy and it completed successfully, but then I was unable to upgrade FirePower modules - I was getting error. So, I did it manually with recover procedure.
Customer is using Fisight with AD integration and FireSight user agent. So, after upgrade I had two problems:
I tried 9.4.2 and 9.5.1 and there was no change.
So , now I am rollbacking Firesight and modules to 5.4 versions,
So, the question is - Have somebody already tried to upgrade ASA5555-X to version 6 ? Tell me your experience about new version upgrade, if you have it.
Is it possible the IP address of the machine the User Agent is installed on has changed? If so, that change would have to be reflected in the Defense Center (DC) under Policies->Users.
If the above is not the case, could you logon to the machine the User Agent is installed on and navigate to:
C:\Program Files\Sourcefire, Inc\User Agent and run Tools.exe .
Then click on the "DC" tab and ensure the "Sourcefire DC" is correctly populated and click "Test Connection".
Regarding the failures what was the exact error when Firepower was failing on ASA.
Rate if that helps!!!
Thank you for your answer. I have tested connection from User Agent to AD and FireSight - is it ok.
About errors - I did not had enought time for troubleshooting, as main rules on firesight are based on AD groups and users. So when we found out this issues, we decided to rollback. That's why I am just asking about upgrade experience of ASA5555 and firesight manage to version 6.
Also, I am going to upgrade the system again in two-three days , again and I think, I will have enogh time for troubleshooting.
My guess, you traffic drop problem could have been due to snort process. You can check if there was some core generated using ls -lrt /var/common or if snort is Down or stuck, you can user command like "top" or "pmtool status | grep Running" or "pmtool status | grep Down".
Regarding User agent related issue as you mentioned we could have done more troubleshooting. I would suggest to open a TAC case and have a TAC engineer to look into it if you face same issue again.