Firepower 1010 NGFW upgrade 7.0 to 7.4.2

doralex2003
Level 1

Hello,

I want to upgrade a Firepower 1010 NGFW from version 7.0.1-84 to version 7.4.2-172.

I have the following files ready:

1. Cisco_FTD_SSP_FP1K_Upgrade-7.4.2-172.sh.REL.tar

2. Cisco_FTD_SSP_FP1K_Patch-7.4.2.1-30.sh.REL.tar

3. cisco-ftd-fp1k.7.4.2-172. SPA

4. fxos-mibs-fp1k.2.14.1.167.zip

My questions are as follows:

1. Does the Firepower 1010 support upgrading to version 7.4.2 (hardware and Management Center)?

2. I know the first 2 files are for the FTD1010 hardware firmware upgrade, but what does the 3rd file (cisco-ftd-fp1k.7.4.2-172. SPA) update to?

3. Do I also need file 4 (fxos-mibs-fp1k.2.14.1.167.zip) or is it automatically installed/updated when I install/update file 1 (Cisco_FTD_SSP_FP1K_Upgrade-7.4.2-172.sh.REL.tar)?

4. What would be the correct order of the 1-2-3 or 3-1-2 Update files to be loaded/updated?

5. Is it enough to make a manual backup from the web/GUI interface and save it to the computer to restore the configuration, or is a different backup done (on the internet I saw that it says backup to FDM and FMC)?

5.1 Does Backup also save certificates, objects, users, and VPN configuration? Can a backup made to version 7.0.1 be restored to the new version 7.4.2?

6. Should I temporarily disable all scheduled Updates (VDB, Intrusion, ....) or is it enough to follow the task so that nothing runs?

7. How long does the entire Upgrade process take in hours?

There is only one Router that I manage through the web/GUI interface directly from my laptop, connected to ETH2 not through the management port.
 
Thank you

Accepted Solutions

@doralex2003 you only need the upgrade file (1) and the patch (2) to upgrade the FPR-1010, installed in order 1 then 2. The third file is the install file; you only need to use that if you are reimaging the device. It is not needed when upgrading.

From memory, I would expect the upgrade to take around 1-1.5 hours.

I assume you are using FDM to manage the firewall locally, rather than using FMC? Take a backup file and save it to the local computer; if there is a problem then you can restore. NOTE - You can restore a backup onto a replacement device only if the two devices are the same model and are running the same version of the software.

Backups include the configuration only, and not the system software, which would include objects, users, VPN configuration etc. I would also recommend exporting your certificates separately to the backup.

You can disable those scheduled updates if you wish or just run the upgrade after they have run.

I still have 2 questions that bother me:

1. After the update, do the objects, users, certificates and VPN settings remain in place (if everything goes normally with the update) or do they have to be created again?

2. How do I export the certificates? I only have 2 buttons, delete and edit (which gives me the possibility to replace the respective certificate); it is no longer like on the old RV160w router, where I also had an export button.

Yes, I use FDM for management and only the GUI interface, I don't know the CLI language.

Thanks

@doralex2003 if successful, everything should be in place after the upgrade; you do not need to re-import objects, certificates or configure the VPN etc. The backup is good practice and just in case there is a problem.

I see no mention of export in the Cisco document either tbh - https://www.cisco.com/c/en/us/td/docs/security/firepower/740/fdm/fptd-fdm-config-guide-740/fptd-fdm-certificates.html

Do you have the original certificate? You shouldn't need it under normal circumstances, it is just in case.
