You can and should migrate

ROBBY HARRELL · ‎06-15-2017

I installed an ASA 5515x with Firepower services version 5.4 about 2 years ago at a customer location. Also installed is a Firesight Management Center VM version 5.4. I have read the release notes on ugrading the FMC (version 6.2), and it states that the FMC must go through each release to get to 6.2. I think it was 5.4 > 6.0>6.01>6.1>6.2.

My question is, can I leave the Firepower module in the ASA at 5.4 as I upgrade the FMC to 6.2 through the various upgrade versions, then remove the Firepower version 5.4 in the ASA, and install Firepower module version 6.2, and reconfigure the Firepower module to connect back to the FMC.

Or do I have to upgrade the FMC one version, then repeat the upgrade on the Firepower module to same version? Repeat, again and again ?

Marvin Rhoads · ‎06-15-2017

You can and should migrate the FMC step-by-step up to 6.1. You cannot move to 6.2 until all managed devices are on 6.1.

However, if you are going to remove and then re-add the ASA FirePOWER module you could:

1. Remove the ASA as a managed device.

2. Take your FMC all the way to 6.2 (current patch level is 6.2.0.2).

3. Re-image the module on the ASA directly to 6.2.0 (NOTE - you will lose FirePOWER services during this time as the module will reload and all deployed policies will be deleted.

4. Re-add the module into FMC and set it as a target for your policies and deploy them.

5. Patch the module to the latest release.

ASA with Firepower version 5.4 - Upgrade Paths