Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3151
Views
0
Helpful
3
Replies

Firepower 1140 Upgrade failed

lowfell
Level 3
Level 3

‎09-18-2020 01:53 AM

Hello all. We have a customer who upgraded the FMC upgraded from 6.6.0 to 6.6.1 successfully.

I

then to upgrade the FTDs from 6.4.0 to 6.6.0 but hit an error which states Update to install failed. we are both new to FTD, whereabouts can we see more detailed info on the failure please?

0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-18-2020 09:13 PM

Did you redeploy policy after upgrading FMC? That is recommended and addresses the majority of failure causes when subsequently upgrading managed devices.

To see the reason for a failed upgrade, we can usually find it in a log file on the target device. You need to go into the cli and then be in expert mode to look at the file system. Upgrades are in directories under /var/log/sf. Change to the relevant upgrade directory and look at the last entry in status.log. You can then change to the relevant subdirectory and look in its log to see the exact detail as to why the upgrade failed.

0 Helpful

lowfell
Level 3
Level 3
In response to Marvin Rhoads

‎09-22-2020 02:07 AM

hello. we used this document to try and help troubleshoot the failure. it mentions upgrading the snort rules. is this a must? as these devices aren't in production yet and aren't connected to the internet, so we can't upgrade snort yet?

 https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/215211-attempt-to-upgrade-firepower-devices-res.html 

 

Also in there was a directory called /sf and another directory /var/logs but some of the logs said we didn't have permission to view them even though we were in expert mode how can we view these?

 

To be honest why are Cisco making this so difficult? why can't we see the failure reason from the gui if that's what you want us to use? 

 

Apologies for the rant  but this is very frustrating and anything but straight forward.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-22-2020 10:11 AM

You just need to sync the policy with FMC first so that the Snort rules on the managed device are not too far off from what FMC has. There's no need to update from the Internet.

I've never had any trouble looking at logs but if you run across that you should be able to switch to superuser mode to see everything. ("sudo su -")

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card