10-09-2017 11:11 PM - edited 02-21-2020 06:27 AM
Hi Community,
We have Cisco ASA 5516-X Firepower Threat Defense running on version 6.1.0. We are planning to upgrade the firmware to version 6.2.X. I believe on version 6.1.X the available and only way to upgrade the firmware is to use HTTP, TFTP or SCP via SSH and CLI commands and not on GUI. Unfortunately, we dont have HTTP server and as usual we are using TFTP (TFTP64) for file transfer.
Is there a guide on how to upgrade or commands and procedures using TFTP?
Thank you in advance.
Solved! Go to Solution.
10-11-2017 12:56 AM
You should execute the file transfer with superuser (su) privilege level.
Try "sudo su" first (to switch user for the session) or run the scp command preceded by "sudo" (to change user for that command only).
10-10-2017 01:38 AM
You can upgrade via the GUI whether you are running Firepower Device Manager (local manager) or Firepower Management Center (remote manager).
Instructions for each are linked below:
10-10-2017 04:11 AM
Hi Marvin,
Yeh, for version 6.2.X upgrade process can be done on GUI. But in my case i'm running on version 6.1 and cannnot be done on GUI. It just give me the instruction on how to upgrade using HTTP, FTP etc..
When I click the See intruction a new window will open like this:
10-10-2017 05:51 AM
Ah you are correct. I had forgotten they changed that behavior in 6.2.
In your case instead of the "sudo wget <filename>" command for http, you could downlaod something like the free SolarWinds SCP server and use scp instead. (I tried tftp and could not make the transfer work - some issue with option settings that aren't configurable from FTD).
Here's an example of using SCP:
root@vftd-new:/var/sf/updates# ls -al
total 8
drwxrwxr-x 2 root www 4096 Oct 10 12:48 .
drwxr-xr-x 68 root root 4096 Sep 6 07:30 ..
root@vftd-new:/var/sf/updates#
root@vftd-new:/var/sf/updates# scp marvin@172.31.1.5:test.txt test.txt
marvin@172.31.1.5's password:
test.txt 100% 7 0.0KB/s 00:00
lost connection
root@vftd-new:/var/sf/updates#
root@vftd-new:/var/sf/updates#
root@vftd-new:/var/sf/updates# ls -al
total 12
drwxrwxr-x 2 root www 4096 Oct 10 12:48 .
drwxr-xr-x 68 root root 4096 Sep 6 07:30 ..
-rwx------ 1 root root 7 Oct 10 12:48 test.txt
root@vftd-new:/var/sf/updates# more test.txt
test123
root@vftd-new:/var/sf/updates#
10-10-2017 10:44 PM
Hi Marvin,
Thank you for your reply.
I will try this commands using SCP. Is this only for uploading the file from SCP server to the device?
How about the command if i will install the upgrade file?
Thank you.
10-10-2017 10:49 PM - edited 10-10-2017 10:52 PM
You're welcome.
Yes - the scp process is just to upload the file to the expected directory on your appliance.
If you scroll down on the help screen you shared earlier you will see the syntax for running the upgrade script (Firepower and FTD upgrades are generally ".sh" files = shell scripts).
10-10-2017 11:23 PM
Hello Marvin,
I tried the commands but i'm getting error.
Could you share your settings on your SCP? I'm using SSH via Putty to access the device.
10-11-2017 12:56 AM
You should execute the file transfer with superuser (su) privilege level.
Try "sudo su" first (to switch user for the session) or run the scp command preceded by "sudo" (to change user for that command only).
10-18-2017 03:38 AM
Hi Marvin,
Running the scp command preceeded by "sudo" made the file transfer successful.
I can now proceed with the upgrade process.
Thank you for your help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide