02-23-2015 07:20 PM - edited 03-12-2019 05:37 AM
Hello everyone,
it looks like Cisco released version 5.4 SourceFire for ASA a few days ago. We're about to commission a new ASA firewall with SFR module and i'd like to have it updated to the latest version before it goes to prod, moreover 5.4 seems to have SSL decryption features that are not available in 5.3.
I can download updated for the defence centre (both 5.4.0 and 5.4.0.1) but when i go to Downloads\NextGen firewalls\ASA with SFR etc i can only see the 5.4.0.1 patch (.sh file) but nothing quite like 5.4.0. I'm not sure how actual SFR module upgrade works, but assuming that it is the same process as for the DC the updates are not commutative.
I tried uploading the SFR module update 5.4.0.1 to DC but it says there is no compatible devices found and that the update is intended for 5.4.0+. Of course my modules are still running 5.3.
Is it just me or is the required update missing in the downloads on Cisco.com?
Appreciate any information.
Stan.
Solved! Go to Solution.
02-23-2015 08:42 PM
download it here
upload it to firesight then install , then install the patch
02-23-2015 08:42 PM
download it here
upload it to firesight then install , then install the patch
02-23-2015 08:47 PM
Thanks Eduardo,
I'll give it a try and the file is looking like the right one. I didn't think they would have ASA images on sourcefire portal :)
02-23-2015 08:51 PM
i already downloaded and installed , go for it ...
10-12-2015 08:14 PM
Hi,
Instead of update this patch file, does it need to do anything on 5.4.0-763 boot image and install package, for firepower module with 5.3.1.x code update to 5.4.0?
Thanks
Noel
03-03-2015 07:52 PM
Me again. Even though i've downloaded what appears to be the right upgrade package (by the way it is now available on Cisco as well), i've been having troubles upgrading my SFR modules.
DC is running 5.4.1 and it recognized the 5.4.0.1 upgrade for ASA as applicable, but shortly after the beginning of installation the process fails without providing any details.
The status is failed and that's all i managed to get from it.
I've already upgraded SFR modules to latest 5.3.1.1 but it didn't help.
I'm assuming this is probably the first upgrade of this kind ever as ASA SFR was released with 5.3 so there isn't much info on the web on this issue. I am also new to SourceFire products so
unfortunately don't have much experience with their low level system stuff and debugging.
Even worse, it looks like i won't be able to raise a TAC case for some time as the distributor who sold these devices is still sorting out their underpinning contract with Cisco and they do not have Sourcefire skills internally.
Any ideas what to look at? log files? documentation on debugging? will appreciate any inputs.
I think i could just reinstall SFR modules on ASA using new 5.4.0 images, but i'm a bit reluctant to go this path as i'm not sure what happens with licenses etc in this case.
03-18-2015 08:21 AM
I have the same problem, going from 5.3.1.2-30 on the Firepower module trying to upgrade to 5.4.0-763, the update fails.
Did you sort this out or did you have to do a recover on the module?
/Johan
03-18-2015 06:36 PM
Hi Johan,
I actually did, without recovering the module.
It turned out that some policies, either access or intrusion, were not up-to-date on SFR modules. I'd probably ensure that device policies as well as system and health policies are also up-to-date.
After recreating the policies (which probably wasn't really required but since I didn't have many rules in them it was easy enough) and reapplying them to the devices I was eventually able to upgrade to 5.4.0 without any issue.
Surprisingly, it didn't affect that upgrade from 5.3.1 to 5.3.1.1 at all, so only 5.3 -> 5.4. That's what got me confused in the first place as I only tried 5.3.1.1 after 5.4 failed.
HTH
Stan
03-19-2015 03:53 AM
Hi,
Currently doing evaluation of product in lab and exactly the same for me. After upgrading FireSIGHT DC to 5.4 the policy was marked as not in sync with FirePOWER module.
After just reapplying the Policy to the device, the upgrade started properly on the module. (now progress 30%. finger crossing ;) )
Regards,
Antoine
University of Neuchatel, Switzerland
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide