Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
500
Views
1
Helpful
6
Replies

Cisco 2130 Firepower FTD software upgrade failure

robert-l-swafford2-ctr
Level 1
Level 1

‎09-17-2025 12:37 AM

Greetings,

We have a Cisco 2130 Firepower FTD that we recently attempted to upgrade the software version 7.4.2.2 to 7.4.2.3-4.

Via the Cisco 2600 FMC, we ran the update via Setup - Product Upgrade - and selected the device.  The package uploaded, the compatibility check completed with zero issues.  The installation was started and got to the 7 minutes to go point of the update were the device rebooted.  Since the reboot happened it has failed to successfully return to a normal operational state.

Can anyone offer any suggestions on what trouble shooting steps we might consider?

This same device has a history of doing this reaction during updates in the past.  The last time in March 2025 it took 16 hours to magically come on line.  This time it has been over 96 hours since the attempted update.  At the 30 hour mark, the decision was to reboot the device.  The results have been the same.  The lights on the front panel are Power on, SSD1 is solid green, the Management port is lit up as well.

On the FMC the device is disabled status.

On the direct connect via the laptop and console port, there is zero prompt reply.

The device is on a air gapped network so I am not able to provide the trouble shooting files if I was able to get into the device.

We are looking to swap out the 2130 for a baseline 2130.  Then restore the FMC full back up of the device that is 2 weeks old.

Can anyone offer any information on what might have caused this device to behave like this multiple times?

Can anyone offer the steps to ensure the replacement device is fully factory reset?

Can anyone offer the steps to restore the back up file the FMC has for the device onto the replacement device?

Once this restoral of the configuration file is complete, is there any test other than placing it online to validate all the settings are consistent with the previous device running configuration?

0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎09-17-2025 05:25 AM - edited ‎09-17-2025 11:01 PM 

Can anyone offer any suggestions on what trouble shooting steps we might consider?

if this is in  production  i suggest to reach the TAC to get fast fix.

If the FMC working and operation, you like to go that route of re-image and get back FTD, you need to same version of backup

re-image and register with FMC that FTD, should work as expected.

is this HA then you need to follow same procedure for standby too,

restore steps :

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/backup_and_restore.html

 

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

robert-l-swafford2-ctr
Level 1
Level 1

‎09-17-2025 06:00 AM

Balaji,

Thanks for the reply.

I have a TAC ticket and because the device is offline and not reachable/able to communicate to the device I can not give Cisco the trouble shoting files.  They have replied asking the status and color of the lights on the front panel.

The FMC is fully operational but this FTD 2130 device is not communicating to the FMC or the direct connected laptop via the console port.

This is a Tier-1 device that is a one of one device at the remote location is services.

There are 2 Tier-2 devices under this device at the location, these two devices are working perfectly and reporting/communicating to the FMC.

Thank you for the restore steps document.

0 Helpful

Aref Alsouqi
VIP
VIP
In response to robert-l-swafford2-ctr

‎09-17-2025 10:44 AM

I'd thought this case should be raised to P1 and a TAC engineer should be on the phone to trying to support you in bringing it back online if possible. I know you can't raise the case severity from the portal, but you could call TAC and ask them to raise the case which they should, and stay on the phone until an engineer is passed to you.

0 Helpful

robert-l-swafford2-ctr
Level 1
Level 1
In response to Aref Alsouqi

‎09-18-2025 01:16 AM

CISCO TAC engineers have been very responsive to this issue.  We have been very limited in our ability to do the cold reboot due to the remote location of the device and lack of replacement equipment on site.

We are now building a replacement 2130.

balaji.bandi
Hall of Fame
Hall of Fame
In response to robert-l-swafford2-ctr

‎09-17-2025 11:03 PM

Sure then you need to troubleshoot using onsite help, with console to get to see what is wrong, also front panel LED will help what is wrong with device.

 

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

robert-l-swafford2-ctr
Level 1
Level 1
In response to balaji.bandi

‎09-18-2025 01:52 AM

Balaji,

Thanks for the replies. 

I have a factory reset Cisco Firepower 2130 FTD.

We are looking to configure it from factory reset to operational without the use of the FMC. 

After it is configured onsite at this location it will be transported to the remote site. 

Then the configuration of the Cisco 2130 Firepower FTD connecting it to the FMC. 

Once this configuration is completed and the communication to the FMC is established, it is my belief the previous policies will be deployed with the device being online and operational.

Do you have the correct installation guides required to complete this?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card