Buy or Renew
Buy or Renew
Notice: The file download function is disabled. We apologize for the inconvenience.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1496
Views
9
Helpful
4
Replies

Cisco ASA Upgrading the Firepower module

Go to solution
David Williams
Level 1
Level 1

‎04-22-2017 01:42 PM - edited ‎03-12-2019 02:15 AM

I have googled and read Cisco's documentation and googled some more trying to get the firepower module on an ASA 5508-X upgraded from what it came with 5.4.1 to 6.1.  The install scripts seem to just stall out and the module goes into an "unresponsive" state.  I have been trying to just follow the incremental upgrades so as to avoid wiping out preinstalled licensing.  

Everything that I have read said this process takes forever.  Several hours for some.  Now I don't know who has the time to sit around upgrading ASAs for days.  Should I just reimage and go straight to 6.1 from 5.4 and fight over licensing later?  I've got to be honest, I regret every having purchased these things.  I knew Firepower was going to be another bolt on Frankenstein like Cisco has done so many times before but I was really hoping that it would be more integrated than this by now.  

So disappointing.....I want the time lost to this ASA back but am stuck moving forward with it.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎04-22-2017 01:54 PM

I always re-image then.  Mush faster and with a known outcome.

I do share your sentiments.  Personally, I have moved a lot of my smaller customers across to Cisco Meraki instead.  The software updates are automatic.  They can't do as many things - but can usually do everything that smaller customers need.  Because of this they are much easier to look after.
https://meraki.cisco.com/products/appliances

View solution in original post

4 Replies 4

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎04-22-2017 01:54 PM

I always re-image then.  Mush faster and with a known outcome.

I do share your sentiments.  Personally, I have moved a lot of my smaller customers across to Cisco Meraki instead.  The software updates are automatic.  They can't do as many things - but can usually do everything that smaller customers need.  Because of this they are much easier to look after.
https://meraki.cisco.com/products/appliances

Go to solution
jsonon
Level 1
Level 1

‎05-02-2017 10:20 AM

We're got quite a few FirePOWER customers now and literally several dozen 5.4 to 6.x SFR upgrades to get scheduled. Incremental upgrades can take most of a day per device to follow the insane process and customers don't want to see big labor bills for what to them should be a simple upgrade. The answer cannot be tear out ASAs for Meraki. Even complete mass reimaging can take hours per device and bomb for various reasons. There needs to be an faster way to maintain these. Any ideas?

0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to jsonon

‎05-02-2017 11:45 AM

I use the scheduler in FPM to upgrade the sensors. I set it for after hours upgrade and It's worked pretty good so far. 

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to jsonon

‎05-02-2017 12:33 PM

There does need to be a faster way.  The current patching and upgrade process is not good.

The only other option I can offer (and we do our selves) is to save the customer upgrades up, and then do them all concurrently.  We call it a Firepower day.  You can do lots of upgrades at once because you spend most of your time waiting, waiting, waiting.  Then you can split the labour cost across all the clients getting the upgrade.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card