Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1765
Views
0
Helpful
2
Replies

ASA firepower version compatibility query. Please advise what would be the best version to upgrade to.

Go to solution
damode
Level 1
Level 1

‎02-14-2018 02:25 PM - edited ‎02-21-2020 07:21 AM

I am currently working on a project to install new IPS module on existing standalone 5515-x ASAs.

 

The ASAs are on the 9.2(4) 20 version. Based on the ASA Firepower compatibility matrix, there seems to be a bug issue (CSCuv91730) with this version due to which, Cisco recommends to upgrade to 9.2(4.5) and later. Going in further details of the bug, it isn’t clear whether this bug affects this 9.2(4) 20  version. Because, from the bug page, the known affected release is 9.5(1) and shows 9.2(4.1) on wards as fixed release.

 

I have to advise the client whether to stay with this version or to upgrade to be compatible with FP. Please help clarify this doubt.

 

Also, it seems ASAs - 9.2(4) 20 is compatible with firepower module OS – 5.3.1 and 5.4.0.1 (but not 5.4.0.2+). However, 5.4.0.1 is not supported anymore and 5.3.1 version is not compatible with the client’s existing FMC, which is 5.4.1.7 version.

 

Hence, can anyone also please suggest the best way to go forward with this scenario ?

 

Any help would be highly appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎02-15-2018 01:04 AM

Is there a particular reason that you want to stay on FP 5.x?

I would:

  1. Upgrade FPMC to the newest 6.2.2 version.
  2. Upgrade the ASA to 9.6(4)3
  3. Reinstall FP with 6.2.2 and install latest patches

View solution in original post

0 Helpful
2 Replies 2

Go to solution
mikael.lahtela
Level 4
Level 4

‎02-14-2018 04:30 PM

Hi,

I would look at upgrading to following versions:
ASA 9.6.4.3 (supported all the way between 5.4.0.2 to 6.2.x FMC and FPM)
ASDM 7.9.x
FMC 5.4.1.10
FPM 5.4.0.6 (note tha FMC need to be at 5.4.1.10)
"Defense Centers running Version 5.4.1.1 can manage devices running Version 5.4.0.6"
From FPM 5.4.0.6 you can upgrade to 5.4.0.11

Just make a plan in notepad for each version upgrade needed to be done.
I would check each release note to see exactly what version to jump to.

br, Micke
0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎02-15-2018 01:04 AM

Is there a particular reason that you want to stay on FP 5.x?

I would:

  1. Upgrade FPMC to the newest 6.2.2 version.
  2. Upgrade the ASA to 9.6(4)3
  3. Reinstall FP with 6.2.2 and install latest patches
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card