cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

268
Views
0
Helpful
5
Replies
Beginner

fpr9300 inter-chassis ftd upgrade before adding them to fmc

Hi,

 

I have FTD running on intr-chassis cluster of FPR9300 devices. I have built the FTD's from the base image "cisco-ftd.6.3.0.85.SPA.csp" but I wanted to upgrade them to "cisco_FTD_SSP_Patch-6.3.0.3-77.sh.REL.tar" before adding them to my FMC. I can't find any document how i can do this? is it only possible from FMC? 

 

Please can someone help me how I can do this manually ? 

Everyone's tags (1)
5 REPLIES 5
Hall of Fame Master

Re: fpr9300 inter-chassis ftd upgrade before adding them to fmc

You can install FTD patches manually.

https://ciscoskills.net/2017/07/12/update-firepower-devices-manually/

That said, a better version would be 6.4.0.4. Cisco just recently recommended that release as the "Gold Star" release.

https://software.cisco.com/download/home/286287252/type/286306337/release/6.4.0.4

It does require that your FXOS is at 2.6(1.157)+

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/compatibility/fxos-compatibility.html

Redeploy the logical device using the 6.4.0 base image and then patch to update to 6.4.0.4.

Of course, your FMC must be at or above the release of all managed devices.

Beginner

Re: fpr9300 inter-chassis ftd upgrade before adding them to fmc

Thanks for your valuable reply. Is that same for cisco_FTD_SSP_Patch-6.3.0.3-77.sh.REL.tar this file extension ? 

 

Also winscp doesn't seems to connect to FTD any suggestion what is the best app i can use? 

Hall of Fame Master

Re: fpr9300 inter-chassis ftd upgrade before adding them to fmc

I’m not sure what you mean by your first question. Is what the same?

 

Try using the FTD devices as an ftp client. Host the file on your ftp server - I use FileZilla - and copy from there using the Linux shell in expert mode. 

Beginner

Re: fpr9300 inter-chassis ftd upgrade before adding them to fmc

its regarding the manually update query. 

 

The example link you have pasted above indicating that .sh patch extension file being used to manually update the FTD. 

 

The file I have download is with the different file extension as compared to your example. 

 

as mentioned in my previous post I am trying to upgrade my base image to as 3.0.3-77 but that as .tar extension at the end. do I need to download a .SH extension file inorder to upgrade it? I am confused whats the difference between these two file extension? 

Hall of Fame Master

Re: fpr9300 inter-chassis ftd upgrade before adding them to fmc

In more recent versions Cisco has stopped using the plain shell script packages (.sh) and switched to a signed release. They bundle the bundle.sig and .sh files together into a tarball (.tar file).

If you untar (extract) them using Linux tar utility (or 7-zip or similar program) you will find the .sh patch file within.