Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1985
Views
5
Helpful
2
Replies

Firepower sensor upgrade.

Go to solution
mdieken011
Level 1
Level 1

‎02-26-2018 10:34 AM - edited ‎02-21-2020 07:26 AM

I have 5525x ASA's in a HA pair. When they went into production we didn't have the licenses for the Firepower sensors. The firepower version they are currently running is 5.4. I would like to upgrade them to 6.2.2 or the latest version. The policy map is not directing traffic to the module at this time. Can I just copy up the asafr-5500x-boot-622-3.img file and then do a recovery? I can't have down time unless it is scheduled. Just looking for the best path to take for the upgrade. My Firepower Management Center is running 6.2.2.1. Thanks in advance!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
argrullo
Cisco Employee
Cisco Employee

‎02-26-2018 10:40 AM

Hello mdieken011,
If you are comfortable with re-imaging the SFR Module, then that would be the best path, since currently the FMC and the SFR Module are in incompatible versions anyway.
The link below has the procedure to re-image.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/modules-sfr.html#pgfId-1485679

I believe there is a portion were it asks to reload the ASA, that is not necessary. I have performed the re-image without reloading.

Please also ensure to check the compatibility version between your ASA and the SFR module.
https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html#id_60529

Keep in mind that you need two files, the boot file and the actual package that is used once you boot into the SFR to install the software.

Please review the information above.

View solution in original post

2 Replies 2

Go to solution
argrullo
Cisco Employee
Cisco Employee

‎02-26-2018 10:40 AM

Hello mdieken011,
If you are comfortable with re-imaging the SFR Module, then that would be the best path, since currently the FMC and the SFR Module are in incompatible versions anyway.
The link below has the procedure to re-image.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/firewall/asa-firewall-cli/modules-sfr.html#pgfId-1485679

I believe there is a portion were it asks to reload the ASA, that is not necessary. I have performed the re-image without reloading.

Please also ensure to check the compatibility version between your ASA and the SFR module.
https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html#id_60529

Keep in mind that you need two files, the boot file and the actual package that is used once you boot into the SFR to install the software.

Please review the information above.

Go to solution
mdieken011
Level 1
Level 1
In response to argrullo

‎03-06-2018 08:12 AM

Thanks Argrullo!  The devices are in production so I wanted to make sure I understood the steps involved in the upgrade.  I thought that is what would be involved but am careful.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card