Config lost when doing an FTD OS Upgrade

johnlloyd_13
Level 9

Hi,

I managed to perform an FTD OS upgrade from 6.4 to 6.5 but noticed the initial config I did for 6.4 was gone and had to re-configure. I thought the configuration is persistent in flash memory. Is there a prior step that I should've done prior to an upgrade, say like a backup?

 

I configured MGMT1/1 as 192.168.1.45/24 (same as the "inside" subnet) and connected to eth1/2. It was able to get to the internet (DNS, NTP were green/up), but I don't see its L3 IP using any FTD show commands. I also can't ping 192.168.1.45 and HTTPS to it from my PC 192.168.1.10. Is FDM web MGMT only accessible via GW 192.168.1.1?

 

> show version

-------------------[ firepower ]--------------------

Model                     : Cisco Firepower 1010 Threat Defense (78) Version 6.5.0 (Build 115)

UUID                      : ed6261ec-f4ad-11ea-8c52-8e7af62c5e24

Rules update version      : 2019-08-12-001-vrt

VDB version               : 309

----------------------------------------------------

 

> show interface summary

Interface Vlan1 "inside", is up, line protocol is up

  Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec

        MAC address 5c5a.c7b8.f785, MTU 1500

        IP address 192.168.1.1, subnet mask 255.255.255.0

  Traffic Statistics for "inside":

        4003 packets input, 1160157 bytes

        5489 packets output, 4710386 bytes

        354 packets dropped

      1 minute input rate 2 pkts/sec,  568 bytes/sec

      1 minute output rate 1 pkts/sec,  549 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 2 pkts/sec,  772 bytes/sec

      5 minute output rate 2 pkts/sec,  729 bytes/sec

      5 minute drop rate, 0 pkts/sec

Interface Ethernet1/1 "outside", is up, line protocol is up

  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec

        MAC address 5c5a.c7b8.f7c8, MTU 1500

        IP address 116.87.x.x, subnet mask 255.255.192.0

  Traffic Statistics for "outside":

        1155320 packets input, 68877527 bytes

        7018 packets output, 1271712 bytes

        3800 packets dropped

      1 minute input rate 767 pkts/sec,  35847 bytes/sec

      1 minute output rate 2 pkts/sec,  515 bytes/sec

      1 minute drop rate, 2 pkts/sec

      5 minute input rate 766 pkts/sec,  35982 bytes/sec

      5 minute output rate 2 pkts/sec,  724 bytes/sec

      5 minute drop rate, 2 pkts/sec

Interface Ethernet1/2 "", is up, line protocol is up   <<< CONNECTED MGMT1/1

  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec

        Available but not configured via nameif

Interface Ethernet1/3 "", is up, line protocol is up

  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec

        Available but not configured via nameif

Interface Ethernet1/4 "", is down, line protocol is down

  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec

        Available but not configured via nameif

Interface Ethernet1/5 "", is down, line protocol is down

  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec

        Available but not configured via nameif

Interface Ethernet1/6 "", is down, line protocol is down

  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec

        Available but not configured via nameif

Interface Ethernet1/7 "", is down, line protocol is down

  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec

        Available but not configured via nameif

Interface Ethernet1/8 "", is down, line protocol is down

  Hardware is EtherSVI, BW 1000 Mbps, DLY 10 usec

        Available but not configured via nameif

Interface Management1/1 "diagnostic", is up, line protocol is up

  Hardware is en_vtun rev00, BW Unknown Speed-Capability, DLY 1000 usec

        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)

        Input flow control is unsupported, output flow control is unsupported

        MAC address 5c5a.c7b8.f781, MTU 1500

        IP address unassigned

        1243 packets input, 120537 bytes, 0 no buffer

        Received 0 broadcasts, 0 runts, 0 giants

        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

        0 pause input, 0 resume input

        15 L2 decode drops, 0 demux drops

        0 packets output, 0 bytes, 0 underruns

        0 pause output, 0 resume output

        0 output errors, 0 collisions, 2 interface resets

        0 late collisions, 0 deferred

        6 input reset drops, 0 output reset drops

        input queue (blocks free curr/low): hardware (0/0)

        output queue (blocks free curr/low): hardware (0/0)

  Traffic Statistics for "diagnostic":

        705 packets input, 60528 bytes

        0 packets output, 0 bytes

        688 packets dropped

      1 minute input rate 0 pkts/sec,  31 bytes/sec

      1 minute output rate 0 pkts/sec,  0 bytes/sec

      1 minute drop rate, 0 pkts/sec

      5 minute input rate 0 pkts/sec,  30 bytes/sec

      5 minute output rate 0 pkts/sec,  0 bytes/sec

      5 minute drop rate, 0 pkts/sec

        Management-only interface. Blocked 0 through-the-device packets

2 Replies

This is unusual. If you followed the normal upgrade from FMC or FDM then
the config is definitely persistent. However, if you did a rebuild of the FTD then you
will lose the config.

A backup is always a best practice before an upgrade, but even without it the config
is persistent.


***** please remember to rate useful posts

johnlloyd_13
Level 9

I followed the upgrade path for major upgrade 6.4.0 to 6.5.0. It's very strange my config got lost.

How about my other question: is FDM web MGMT only accessible via GW 192.168.1.1 (from inside)? I already gave MGMT1/1 192.168.1.45 but can't ping or HTTPS to it.
