Solved: CLI Commands for Ugrading Cisco 5516-X FTD Software

VCsupport17 · ‎10-09-2017

Hi Community,

We have Cisco ASA 5516-X Firepower Threat Defense running on version 6.1.0. We are planning to upgrade the firmware to version 6.2.X. I believe on version 6.1.X the available and only way to upgrade the firmware is to use HTTP, TFTP or SCP via SSH and CLI commands and not on GUI. Unfortunately, we dont have HTTP server and as usual we are using TFTP (TFTP64) for file transfer.

Is there a guide on how to upgrade or commands and procedures using TFTP?

Thank you in advance.

Marvin Rhoads · ‎10-11-2017

You should execute the file transfer with superuser (su) privilege level.

Try "sudo su" first (to switch user for the session) or run the scp command preceded by "sudo" (to change user for that command only).

View solution in original post

Marvin Rhoads · ‎10-10-2017

You can upgrade via the GUI whether you are running Firepower Device Manager (local manager) or Firepower Management Center (remote manager).

Instructions for each are linked below:

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/fdm/fptd-fdm-config-guide-620/fptd-fdm-mgmt.html#id_32969

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/relnotes/Firepower_System_Release_Notes_Version_620/updating_to_version_6_2_0.html#id_39129

VCsupport17 · ‎10-10-2017

Hi Marvin,

Yeh, for version 6.2.X upgrade process can be done on GUI. But in my case i'm running on version 6.1 and cannnot be done on GUI. It just give me the instruction on how to upgrade using HTTP, FTP etc..

When I click the See intruction a new window will open like this:

Marvin Rhoads · ‎10-10-2017

Ah you are correct. I had forgotten they changed that behavior in 6.2.

In your case instead of the "sudo wget <filename>" command for http, you could downlaod something like the free SolarWinds SCP server and use scp instead. (I tried tftp and could not make the transfer work - some issue with option settings that aren't configurable from FTD).

Here's an example of using SCP:

root@vftd-new:/var/sf/updates# ls -al
total 8
drwxrwxr-x 2 root www 4096 Oct 10 12:48 .
drwxr-xr-x 68 root root 4096 Sep 6 07:30 ..
root@vftd-new:/var/sf/updates#
root@vftd-new:/var/sf/updates# scp marvin@172.31.1.5:test.txt test.txt
marvin@172.31.1.5's password:
test.txt 100% 7 0.0KB/s 00:00
lost connection
root@vftd-new:/var/sf/updates#
root@vftd-new:/var/sf/updates#
root@vftd-new:/var/sf/updates# ls -al
total 12
drwxrwxr-x 2 root www 4096 Oct 10 12:48 .
drwxr-xr-x 68 root root 4096 Sep 6 07:30 ..
-rwx------ 1 root root 7 Oct 10 12:48 test.txt
root@vftd-new:/var/sf/updates# more test.txt
test123
root@vftd-new:/var/sf/updates#

VCsupport17 · ‎10-10-2017

Hi Marvin,

Thank you for your reply.

I will try this commands using SCP. Is this only for uploading the file from SCP server to the device?

How about the command if i will install the upgrade file?

Thank you.

Marvin Rhoads · ‎10-10-2017

You're welcome.

Yes - the scp process is just to upload the file to the expected directory on your appliance.

If you scroll down on the help screen you shared earlier you will see the syntax for running the upgrade script (Firepower and FTD upgrades are generally ".sh" files = shell scripts).

VCsupport17 · ‎10-10-2017

Hello Marvin,

I tried the commands but i'm getting error.

Error MessageSCP Settings

Could you share your settings on your SCP? I'm using SSH via Putty to access the device.

Marvin Rhoads · ‎10-11-2017

You should execute the file transfer with superuser (su) privilege level.

Try "sudo su" first (to switch user for the session) or run the scp command preceded by "sudo" (to change user for that command only).

VCsupport17 · ‎10-18-2017

Hi Marvin,

Running the scp command preceeded by "sudo" made the file transfer successful.

I can now proceed with the upgrade process.

Thank you for your help.