cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
976
Views
0
Helpful
2
Replies
Beginner

ASA firepower version compatibility query. Please advise what would be the best version to upgrade to.

I am currently working on a project to install new IPS module on existing standalone 5515-x ASAs.

 

The ASAs are on the 9.2(4) 20 version. Based on the ASA Firepower compatibility matrix, there seems to be a bug issue (CSCuv91730) with this version due to which, Cisco recommends to upgrade to 9.2(4.5) and later. Going in further details of the bug, it isn’t clear whether this bug affects this 9.2(4) 20  version. Because, from the bug page, the known affected release is 9.5(1) and shows 9.2(4.1) on wards as fixed release.

 

I have to advise the client whether to stay with this version or to upgrade to be compatible with FP. Please help clarify this doubt.

 

Also, it seems ASAs - 9.2(4) 20 is compatible with firepower module OS – 5.3.1 and 5.4.0.1 (but not 5.4.0.2+). However, 5.4.0.1 is not supported anymore and 5.3.1 version is not compatible with the client’s existing FMC, which is 5.4.1.7 version.

 

Hence, can anyone also please suggest the best way to go forward with this scenario ?

 

Any help would be highly appreciated.

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Mentor

Re: ASA firepower version compatibility query. Please advise what would be the best version to upgrade to.

Is there a particular reason that you want to stay on FP 5.x?

I would:

  1. Upgrade FPMC to the newest 6.2.2 version.
  2. Upgrade the ASA to 9.6(4)3
  3. Reinstall FP with 6.2.2 and install latest patches
2 REPLIES 2
Enthusiast

Re: ASA firepower version compatibility query. Please advise what would be the best version to upgrade to.

Hi,

I would look at upgrading to following versions:
ASA 9.6.4.3 (supported all the way between 5.4.0.2 to 6.2.x FMC and FPM)
ASDM 7.9.x
FMC 5.4.1.10
FPM 5.4.0.6 (note tha FMC need to be at 5.4.1.10)
"Defense Centers running Version 5.4.1.1 can manage devices running Version 5.4.0.6"
From FPM 5.4.0.6 you can upgrade to 5.4.0.11

Just make a plan in notepad for each version upgrade needed to be done.
I would check each release note to see exactly what version to jump to.

br, Micke
VIP Mentor

Re: ASA firepower version compatibility query. Please advise what would be the best version to upgrade to.

Is there a particular reason that you want to stay on FP 5.x?

I would:

  1. Upgrade FPMC to the newest 6.2.2 version.
  2. Upgrade the ASA to 9.6(4)3
  3. Reinstall FP with 6.2.2 and install latest patches