Thank you for your quick reply.  What about the FXOS and ASA code?  From what I see in Cisco matrix, FXOS should be 2.2.2 when using Firepower 6.2.2?  And ASA should be 9.8?  Is that correct?

Hey @nevin.maurice1

You will need the file to upgrade the sensor to the new version and the FMC upgrade file for the Manager. Both the files should be with ".sh" like below:

Cisco_Network_Sensor_Upgrade-6.2.2-81.sh
Sourcefire_3D_Defense_Center_S3_Upgrade-6.2.2-81.sh

The update paths to version 6.2.2 are:

Firepower Management Center—Version 6.2.0.x
Version 6.2.0 > Version 6.2.1 > Version 6.2.2

2 x FTD 4110 > Firepower = 6.2.0.2 , FXOS = 2.1(1.72)(1)
Version 6.1.0 > Version 6.2.0 > Version 6.2.2

2 x ASA5516X-SFR > ASA = 9.5.3, Firepower = 6.1.0.3
Version 6.1.0 > Version 6.2.0 > Version 6.2.2

2 x ASA5516X with FTD > Firepower = 6.2.0.2
Version 6.1.0 > Version 6.2.0 > Version 6.2.2
 

After you verify the upgrade path you need first upgrade the FMC and then the Firepower that it manages.

Please read the Release notes below:
https://www.cisco.com/c/en/us/td/docs/security/firepower/622/relnotes/Firepower_Release_Notes_622/Firepower_Release_Notes_622_chapter_0101.html

Thank you all for your feedback.  I think I have sorted out all the versions I need to have in order to achieve this.

I do have 1 final question.  All Cisco documentation seems to indicate that in order to update an ASA5500X that has been re-imaged/converted to Firepower Threat Defense device, it involves reloading a boot image, a system image, and then finally the FTD software update.

My FMC = confirmed good to go

- Update to 6.2.2 directly from 6.2.0.3

My FTD 4100 devices = confirmed good to go

- update FXOS through Firepower Chassis Manager and update FTD v 6.2.2 through FMC

My ASA 5500X with Firepower Service module (SFR) = confirmed good to go

- update my ASA code to compatible version and FTD v6.2.2 through FMC 

Unclear

My ASA 5500x FTD devices (they have been converted to FTD, so no SFR) = this is where my question comes in above.  Do I need to update boot image, system image, and FTD, or can I just update the FTD version through FMC once my FMC is at 6.2.2.  It seems strange to have to do this for each update Cisco releases???

An ASA with FTD image can be upgraded directly via FMC - there's no need to re-image just to upgrade.

Can I hop on this thread?  I have 2 - ASA 5525x with FireSight in active/standby. ASAs are 9.6.4.3.

VDC and Firesight are 5.4.1.8 and 5.4.0.9

The person that set this up has left the company and I will be taking this over.  I need to get to 6.2.2. 

Can anyone share the quickest path to get there (without re-imaging) for the VDC/FMC as well as the hardware??

Is this correct?

Upgrade to 6.0 pre install 5.4.0.999

Upgrade to 6.0.1213

Upgrade to 6.1 pre install 6.0.1.999

Upgrade to 6.2

Upgrade to 6.2.2

Can I go from 6.0 > 6.1 >6.2 without doing the patches?

Is there a FMC and FirePower matrix to go from 5.4.1.8 to 6.2.2.2?

Any help would be appreciated.

Thank you

AM 

@Arnold Montemayor,

That correct. It will be a long process to get them all on the same 6.2.2 release. (6.2.3 might be out before you finish!)  Each FMC and module upgrade will take 1 hour +. You're probably looking at about 2 working days assuming all goes well. There's no shortcut unless you re-image.

See the path for 6.2.2 laid out here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/622/relnotes/Firepower_Release_Notes_622/Firepower_Release_Notes_622_chapter_0101.html#concept_kc4_qvb_yz

...and the instructions for 6.0 here if you want to see details on 5.4.1.x:

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/relnote/firepower-system-release-notes-version-600.html#47316

Note that you will need to update the modules to 6.1 once you get FMC on 6.1. That's because FMC 6.2 cannot manager devices running any release prior to 6.1.

Thank you so much Marvin.  I have a feeling I am in for a long weekend.  If you don't mind me asking,  does this look correct?  File names are in bold.

Upgrade Virtual Defense Center to 5.4.1.9-53 then to 5.4.1.10-36

Upgrade FireSight to 5.4.0.11-36 (sensors)

Run Pre-install to 6.0

Cisco_Network_Sensor_6.0.0_Pre-install-5.4.0.999-2.

Upgrade Virtual Defense Center 5.4.1.8 to FirePower Management Console 6.0.0-1005

asasfr-sys-6.0.0-1005.pkg

Upgrade FireSight to FirePower (sensors)

Cisco_Network_Sensor_Upgrade-6.0.0-1005.sh

Run Pre-install to 6.1

Cisco_Network_Sensor_6.1.0_Pre-install-6.0.1.999-32.sh

Upgrade FirePower Management Console to 6.1.0-330

asasfr-sys-6.1.0-330.pkg

Upgrade FirePower to 6.1.0.6-85 (sensors)

Cisco_Network_Sensor_Upgrade-6.1.0-330.sh

Upgrade FirePower Management Console to 6.2.0-362 (or can I go right to 6.2.2?)

asasfr-sys-6.2.0-362.pkg

Upgrade FirePower to 6.2.0.4-85 (sensors)

Cisco_Network_Sensor_Upgrade-6.2.0-362.sh

Upgrade FirePower Management Console to 6.2.2 (or can I just do the incremental upgrades?).

asasfr-sys-6.2.2-81.pkg

Upgrade FirePower to 6.2.2-81 (sensors)

Cisco_Network_Sensor_Upgrade-6.2.2-81.sh

Sorry,  PLEASE disregard the last post.  I had some wrong information.  This is what I have for the upgrade path.

Run Pre-install to 6.0

Cisco_Network_Sensor_6.0.0_Pre-install-5.4.0.999-2.

Upgrade Virtual Defense Center 5.4.1.8 to FirePower Management Console 6.0.0-1005

asasfr-sys-6.0.0-1005.pkg

Upgrade FireSight to FirePower (sensors)

Cisco_Network_Sensor_Upgrade-6.0.0-1005.sh

Run Pre-install to 6.1

Cisco_Network_Sensor_6.1.0_Pre-install-6.0.1.999-32.sh

Upgrade FirePower Management Console to 6.1.0-330

asasfr-sys-6.1.0-330.pkg

Upgrade FirePower to 6.1.0.-330 (sensors)

Cisco_Network_Sensor_Upgrade-6.1.0-330.sh

Upgrade FirePower Management Console to 6.2.0-362 (Can I go right to 6.2.2?)

asasfr-sys-6.2.0-362.pkg

Upgrade FirePower to 6.2.0.362 (sensors)

Cisco_Network_Sensor_Upgrade-6.2.0-362.sh

Upgrade FirePower Management Console to 6.2.2 (or can I just do the incremental upgrades?).

asasfr-sys-6.2.2-81.pkg

Upgrade FirePower to 6.2.2-81 (sensors)

Cisco_Network_Sensor_Upgrade-6.2.2-81.sh

We are currently using ASDM to manage the ASA and VDC to manage FireSight.

We would like to keep things that way during the upgrade.  For now at least.

Can you confirm FMC is the replacement for VDC and will keep this separate and that FTD is the unified (combined) management software.

Thanks again,

I am glad I reached out to you.  After looking through your documentation, I have a much better understanding of the process.  I had downloaded some of the wrong files because I thought the FMC software was included in the pkg file.  I believe I finally have the correct upgrade path (see below).

Does this look correct?

6.0

Run Pre-install for FMC from 5.4.1.8 to 6.0

Sourcefire_3D_DefenseCenter_S3_6.0.0_Pre-install-5.4.1.999-21.sh

Upgrade FMC to 6.0

Sourcefire_3D_Defense_Center_S3_Upgrade-6.0.0-1010.sh

Run Pre-install to upgrade sensor to 6.0

Cisco_Network_Sensor_6.0.0_Pre-install-5.4.0.999-2.

Upgrade Network Sensor to 6.0.0-1005

Cisco_Network_Sensor_Upgrade-6.0.0-1005.sh

6.1

Run Pre-install for FMC from 6.0 to 6.1

Sourcefire_3D_Defense_Center_S3_Pre-install-6.0.1.999-1252.sh

Upgrade FMC to 6.1

Sourcefire_3D_Defense_Center_S3_Upgrade-6.1.0-337.sh

Run Pre-install to upgrade sensor to 6.1

Cisco_Network_Sensor_6.1.0_Pre-install-6.0.1.999-32.sh

Upgrade Network Sensor to 6.1.0-330

Cisco_Network_Sensor_Upgrade-6.1.0-330.sh

6.2

Upgrade FMC to 6.2

Sourcefire_3D_Defense_Center_S3_Upgrade-6.2.0-367.sh

Upgrade Network Sensor to 6.2.0-362

Cisco_Network_Sensor_Upgrade-6.2.0-362.sh

Upgrade Network sensor to 6.2.2-81

Cisco_Network_Sensor_Upgrade-6.2.2-81.sh

You have it mostly correct.

Just add update your FMC to 6.2.2 prior to updating the network sensor.