Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1016
Views
0
Helpful
5
Replies

fpr9300 inter-chassis ftd upgrade before adding them to fmc

khalid.meraj
Level 1
Level 1

‎09-23-2019 03:22 AM - edited ‎02-21-2020 09:30 AM

Hi,

 

I have FTD running on intr-chassis cluster of FPR9300 devices. I have built the FTD's from the base image "cisco-ftd.6.3.0.85.SPA.csp" but I wanted to upgrade them to "cisco_FTD_SSP_Patch-6.3.0.3-77.sh.REL.tar" before adding them to my FMC. I can't find any document how i can do this? is it only possible from FMC? 

 

Please can someone help me how I can do this manually ? 

Labels:
0 Helpful
5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-23-2019 04:27 AM - edited ‎09-23-2019 04:30 AM

You can install FTD patches manually.

https://ciscoskills.net/2017/07/12/update-firepower-devices-manually/

That said, a better version would be 6.4.0.4. Cisco just recently recommended that release as the "Gold Star" release.

https://software.cisco.com/download/home/286287252/type/286306337/release/6.4.0.4

It does require that your FXOS is at 2.6(1.157)+

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/compatibility/fxos-compatibility.html

Redeploy the logical device using the 6.4.0 base image and then patch to update to 6.4.0.4.

Of course, your FMC must be at or above the release of all managed devices.

0 Helpful

khalid.meraj
Level 1
Level 1
In response to Marvin Rhoads

‎09-23-2019 08:50 AM

Thanks for your valuable reply. Is that same for cisco_FTD_SSP_Patch-6.3.0.3-77.sh.REL.tar this file extension ? 

 

Also winscp doesn't seems to connect to FTD any suggestion what is the best app i can use? 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to khalid.meraj

‎09-23-2019 09:17 AM

I’m not sure what you mean by your first question. Is what the same?

 

Try using the FTD devices as an ftp client. Host the file on your ftp server - I use FileZilla - and copy from there using the Linux shell in expert mode. 

0 Helpful

khalid.meraj
Level 1
Level 1
In response to Marvin Rhoads

‎09-23-2019 09:32 AM

its regarding the manually update query. 

 

The example link you have pasted above indicating that .sh patch extension file being used to manually update the FTD. 

 

The file I have download is with the different file extension as compared to your example. 

 

as mentioned in my previous post I am trying to upgrade my base image to as 3.0.3-77 but that as .tar extension at the end. do I need to download a .SH extension file inorder to upgrade it? I am confused whats the difference between these two file extension? 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to khalid.meraj

‎09-23-2019 10:06 PM

In more recent versions Cisco has stopped using the plain shell script packages (.sh) and switched to a signed release. They bundle the bundle.sig and .sh files together into a tarball (.tar file).

If you untar (extract) them using Linux tar utility (or 7-zip or similar program) you will find the .sh patch file within.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card