I installed an ASA 5515x with Firepower services version 5.4 about 2 years ago at a customer location. Also installed is a Firesight Management Center VM version 5.4. I have read the release notes on ugrading the FMC (version 6.2), and it states that the FMC must go through each release to get to 6.2. I think it was 5.4 > 6.0>6.01>6.1>6.2.
My question is, can I leave the Firepower module in the ASA at 5.4 as I upgrade the FMC to 6.2 through the various upgrade versions, then remove the Firepower version 5.4 in the ASA, and install Firepower module version 6.2, and reconfigure the Firepower module to connect back to the FMC.
Or do I have to upgrade the FMC one version, then repeat the upgrade on the Firepower module to same version? Repeat, again and again ?
Hi Marvin, Can you help me with some tips of this upgrade process:
However, if you are going to remove and then re-add the ASA FirePOWER module you could: 1. Remove the ASA as a managed device. Remove it from where? FMC or ASA SFR configuration? Let's say I have service policy config ON and I decide to reboot the Firepower module? What's the traffic impact?
2. Take your FMC all the way to 6.2 (current patch level is 22.214.171.124). I am good here. 3. Re-image the module on the ASA directly to 6.2.0 (NOTE - you will lose FirePOWER services during this time as the module will reload and all deployed policies will be deleted. I will probably need to ready how to do this.
4. Re-add the module into FMC and set it as a target for your policies and deploy them. What happens with production traffic when I am applying new policies to the module?
5. Patch the module to the latest release. Same question about production traffic? Should just take care of steps 2-5 by removing the SFR inspection, then add it back on the ASA service policy configuration?