10-09-2015 08:30 AM - edited 03-12-2019 05:47 AM
I have following :
ASA 9.2(2)4
Defense Center 5.4.1.3
ASA firepower Service Module : 5.3.1.5.
I am trying to upgrade to Firepower Service Module From 5.3.1.5 to 5.4.0.4-55
I have hard time( am i the only one ??) to find proper documents to tell me what should be the procedure.
1 Some documents reads ' I should be able to upgrade using my managed device/ASA with firewpower service module
Some says " I need to upgrade from the ASA firepower service module interface "
2 what i need to back up & how ? ( defense center or something from Firepower service module )
My understanding is upgrade from defense center upload
Cisco_Network_Sensor_Upgrade-5.4.0-763.sh.
& than upgrade to patch (Cisco_Network_Sensor_Patch-5.4.0.4-55.sh)
Sincerely
Viral Patel
Solved! Go to Solution.
10-09-2015 09:13 AM
Viral,
It is recommended to do it from Defense Center / FireSIGHT Management Center. First download the upgrade file you noted to your local PC and then upload it to FireSIGHT. We have to do this because FireSIGHT won't pull major upgrades (i.e. 5.3 to 5.4) direct from Cisco.
Then install it to your managed ASA FirePOWER Service module. FireSIGHT will validate that you have the correct package type and that your image is good. Once that is complete, you can patch to the latest minor release / patch level from FireSIGHT directly.
After all is done, remember to check your policy deployment status (Health, System, and Access Control) and reapply as needed.
10-09-2015 09:13 AM
Viral,
It is recommended to do it from Defense Center / FireSIGHT Management Center. First download the upgrade file you noted to your local PC and then upload it to FireSIGHT. We have to do this because FireSIGHT won't pull major upgrades (i.e. 5.3 to 5.4) direct from Cisco.
Then install it to your managed ASA FirePOWER Service module. FireSIGHT will validate that you have the correct package type and that your image is good. Once that is complete, you can patch to the latest minor release / patch level from FireSIGHT directly.
After all is done, remember to check your policy deployment status (Health, System, and Access Control) and reapply as needed.
10-09-2015 09:26 AM
Thanks Marvin you rock !
Any training material ( apart from lab minutes) , that you can recommend for Firepower.
Sincerely
Viral Patel
10-09-2015 09:33 AM
You're welcome.
One great overview that I use and refer my customers to is the Cisco Live presentation "BRKSEC-2018 - Tips and Tricks for Successful Migration From ASA CX and Cisco Classic IPS to FirePOWER Solutions (2015 San Diego)".
Never mind the reference to CX and classic IPS in the title - it's equally applicable to brand new deployments.
There are several other good ones on that site but that one - for me at least - strikes the right balance of overview and technical depth.
Please mark your question as answered if it has been.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide