09-03-2020 09:39 AM
Hi,
We applied the FTD update version 6.4.0.10-2 to patch the recent Cisco vulnerability and after it was done, I went back into the updates just to verify they were all applied. To our surprise, both FTD appliances are still on version 6.4.0.9-62 even though when we applied .10-2 it showed it applied them correctly and it rebooted the appliance. I even went ahead and tried to apply it a second time to the Azure FTD; it seemed to be successful but it did not apply it. If we go back into the Updates and select Install for that patch, the 2 appliances still show as unpatched. I even SSHed into the Azure FTD to confirm and it shows the previous version .9-62 as well. Currently ALL our sensors and FTDs are on version 6.4.0.9-62 but the FTDs are missing the security patch. We do not see any pre-requisite patch to apply and it is not complaining about missing anything during the install. Any assistance would be greatly appreciated.
Thanks,
09-21-2020 05:49 AM - edited 09-21-2020 05:51 AM
I asked Cisco TAC this question re: no indication of the hotfix being applied; both FMC & CLI "sho version" show 6.4.0.9 as the current version AFTER the hotfix is applied.
According to Cisco this is the correct behaviour! Weird, as the hotfix has a version number. Their advice is to do the following to check status.
"Another way to check if hotfix is applied is from FTD CLI.
cd /var/log/sf
In the example below, I'm checking the status.log file of patch 6.4.0.9; you can check the hotfix 6.4.0.10-2 directory via the same procedure.
root@firepower:/opt/cisco/csp/applications# cd /ngfw/var/log/sf/
root@firepower:/ngfw/var/log/sf# ls -la
total 260
drwxr-xr-x 4 root root 4096 Sep 20 04:02 .
drwxr-xr-x 13 root root 8192 Sep 21 04:02 ..
drwxr-xr-x 12 root root 4096 Jul 9 16:39 Cisco_FTD_SSP_Patch-6.4.0.9
-rw-r--r-- 1 www www 46 Jul 9 16:39 SW_update_info.txt
-rw-r--r-- 1 root root 17520 Sep 21 14:09 data_service.log
-rw-r--r-- 1 root root 5761 Sep 20 03:33 data_service.log.1.gz
-rw-r--r-- 1 root root 7744 Sep 14 03:41 data_service.log.2.gz
-rw-r--r-- 1 root root 5990 Sep 6 03:41 data_service.log.3.gz
-rw-r--r-- 1 root root 7539 Aug 31 03:49 data_service.log.4.gz
-rw-r--r-- 1 root root 508 Jul 9 16:37 db_manage.log
root@firepower:/ngfw/var/log/sf# cd Cisco_FTD_SSP_Patch-6.4.0.9/
root@firepower:/ngfw/var/log/sf/Cisco_FTD_SSP_Patch-6.4.0.9# cat status.log
from status.log file, you can confirm if the hotfix is applied."
Hope that helps.
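The TAC procedure above boils down to one check per patch directory under /ngfw/var/log/sf. The script below automates it across every Cisco_FTD_SSP_* directory and reports the last line of each status.log (or flags a directory that has no status.log at all). This is an added example, not code from the thread or from Cisco: the glob prefix Cisco_FTD_SSP_* is an assumption extrapolated from the Cisco_FTD_SSP_Patch-6.4.0.9 directory in the listing (the hotfix directory name is not shown on the page), and the status.log lines in the sample tree are constructed placeholders, not real Firepower output. Run it on the FTD as `sh check_ftd_patches.sh`, or with a path argument against a copied log tree.

```shell
#!/bin/sh
# Added example (not from the thread or Cisco): summarise status.log for every
# patch/hotfix directory under the FTD log root that TAC points at.
# Usage: sh check_ftd_patches.sh [LOG_ROOT]   (LOG_ROOT defaults to /ngfw/var/log/sf)

# Print "<directory><TAB><last line of status.log>" for each Cisco_FTD_SSP_*
# directory under $1. A directory without status.log is reported as
# "no status.log" so an install that never wrote a status is visible too.
# Returns 1 when no patch directory exists at all.
ftd_patch_status() {
    root="${1:-/ngfw/var/log/sf}"
    found=0
    # ASSUMPTION: hotfix directories share the Cisco_FTD_SSP_ prefix seen in the listing.
    for dir in "$root"/Cisco_FTD_SSP_*; do
        [ -d "$dir" ] || continue
        found=1
        name=$(basename "$dir")
        if [ -f "$dir/status.log" ]; then
            printf '%s\t%s\n' "$name" "$(tail -n 1 "$dir/status.log")"
        else
            printf '%s\tno status.log\n' "$name"
        fi
    done
    if [ "$found" -ne 1 ]; then
        printf 'no patch directories under %s\n' "$root" >&2
        return 1
    fi
}

# Build a constructed sample tree so the script runs offline. The status.log
# content is a placeholder, not real Firepower output; the 6.4.0.10-2 directory
# deliberately has no status.log to exercise the "no status.log" branch.
make_sample_tree() {
    sample=$(mktemp -d)
    mkdir -p "$sample/Cisco_FTD_SSP_Patch-6.4.0.9" "$sample/Cisco_FTD_SSP_Patch-6.4.0.10-2"
    printf 'placeholder: install started\nplaceholder: install completed\n' \
        > "$sample/Cisco_FTD_SSP_Patch-6.4.0.9/status.log"
    printf '%s\n' "$sample"
}

# Stand-alone run: use the real log root when present, else the sample tree.
demo_root="${1:-/ngfw/var/log/sf}"
if [ -d "$demo_root" ]; then
    ftd_patch_status "$demo_root"
else
    printf '%s not found, running against a constructed sample tree\n' "$demo_root" >&2
    demo_sample=$(make_sample_tree)
    ftd_patch_status "$demo_sample"
    rm -rf "$demo_sample"
fi
```

The last line of status.log is only a quick summary; when a directory reports something unexpected, open the whole file as TAC describes before drawing a conclusion.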