Azure FTD - Patching Issue

Quintin.Mayo
Level 2

Hi,

We applied the FTD update version 6.4.0.10-2 to patch the recent Cisco vulnerability and, after it was done, I went back into the updates just to verify they were all applied. To our surprise, both FTD appliances are still on version 6.4.0.9-62, even though when we applied .10-2 it showed it applied them correctly and rebooted the appliance. I even went ahead and tried to apply it a second time to the Azure FTD; it seemed to be successful but it did not apply it. If we go back into Updates and select Install for that patch, the 2 appliances still show as unpatched. I even SSHed into the Azure FTD to confirm and it shows the previous version .9-62 as well. Currently ALL our sensors and FTDs are on version 6.4.0.9-62, but the FTDs are missing the security patch. We do not see any prerequisite patch to apply and it is not complaining about missing anything during the install. Any assistance would be greatly appreciated.

Thanks,

1 Reply

ida71
Level 1

I asked Cisco TAC this question re no indication of the hotfix being applied; both FMC and the CLI "sho version" show 6.4.0.9 as the current version AFTER the hotfix is applied.

According to Cisco this is the correct behaviour! Weird, as the hotfix has a version number. Their advice is to do the following to check status.

"Another way to check if the hotfix is applied is from the FTD CLI.

  • Log in to the FTD CLI, then gain root access by typing “sudo su”.
  • Navigate to the directory /ngfw/var/log/sf

cd /var/log/sf

  • Navigate to the hotfix directory and check the status.log file.

In the example below, I’m checking the status.log file of patch 6.4.0.9; you can check the hotfix 6.4.0.10-2 directory via the same procedure.

root@firepower:/opt/cisco/csp/applications# cd /ngfw/var/log/sf/
root@firepower:/ngfw/var/log/sf# ls -la
total 260
drwxr-xr-x  4 root root  4096 Sep 20 04:02 .
drwxr-xr-x 13 root root  8192 Sep 21 04:02 ..
drwxr-xr-x 12 root root  4096 Jul  9 16:39 Cisco_FTD_SSP_Patch-6.4.0.9
-rw-r--r--  1 www  www     46 Jul  9 16:39 SW_update_info.txt
-rw-r--r--  1 root root 17520 Sep 21 14:09 data_service.log
-rw-r--r--  1 root root  5761 Sep 20 03:33 data_service.log.1.gz
-rw-r--r--  1 root root  7744 Sep 14 03:41 data_service.log.2.gz
-rw-r--r--  1 root root  5990 Sep  6 03:41 data_service.log.3.gz
-rw-r--r--  1 root root  7539 Aug 31 03:49 data_service.log.4.gz
-rw-r--r--  1 root root   508 Jul  9 16:37 db_manage.log

root@firepower:/ngfw/var/log/sf# cd Cisco_FTD_SSP_Patch-6.4.0.9/
root@firepower:/ngfw/var/log/sf/Cisco_FTD_SSP_Patch-6.4.0.9# cat status.log

From the status.log file, you can confirm if the hotfix is applied."

Hope that helps.
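The TAC procedure above, turned into a reusable check. This is an added example, not code from the thread or from Cisco: it walks the update log root (defaulting to the /ngfw/var/log/sf path TAC gave), reports the last status.log line of every patch/hotfix directory, and returns non-zero when no directory matching a version string has a status.log, which is the situation the original question describes. It assumes every applied patch or hotfix leaves a directory with a status.log there, as in the TAC listing; the exact contents of status.log and the hotfix directory name are not shown on the page, so the check matches on the version substring only.

```shell
#!/bin/sh
# Added example (not from the thread or from Cisco). Run as root on the FTD,
# i.e. after the "sudo su" step, since the log directories are root-owned.

# Print "<dirname>: <last line of status.log>" for each directory under the
# update log root (default /ngfw/var/log/sf). Assumption: each applied
# patch/hotfix leaves such a directory containing status.log.
ftd_patch_report() {
    logroot="${1:-/ngfw/var/log/sf}"
    for d in "$logroot"/*/; do
        [ -d "$d" ] || continue          # skip the unexpanded glob when empty
        name=$(basename "$d")
        if [ -f "$d/status.log" ]; then
            printf '%s: %s\n' "$name" "$(tail -n 1 "$d/status.log")"
        else
            printf '%s: (no status.log)\n' "$name"
        fi
    done
}

# Return 0 if some directory whose name contains VERSION has a non-empty
# status.log, 1 otherwise. A 1 here while FMC reports the install as done is
# the mismatch the original question describes and is worth a TAC case.
ftd_patch_applied() {
    logroot="$1"
    version="$2"
    for d in "$logroot"/*"$version"*/; do
        [ -s "$d/status.log" ] && return 0
    done
    return 1
}
```

After sourcing the file on the appliance, `ftd_patch_applied /ngfw/var/log/sf 6.4.0.10 && echo applied` answers the question for the hotfix, and `ftd_patch_report` lists what every directory's status.log last recorded.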
