Firepower 2110 upgrade to ASA 9.12.4.7 will cause reboot loop

patoberli · ‎10-31-2020

Firepower 2100 upgrade to ASA 9.12.4.7 will cause reboot loop.

Was just hit by this bug and was luckily able to recover.

Found this in the bug search: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw24700

You can downgrade through console port, but you need to hurry a little bit, because once the ASA image is more or less loaded, it crashes again and reboots.

So after logging in, the commands are:

scope firmware
show package (this will show all the available images on the disk)
scope auto-install
install security-pack version 9.12.4.4 (replace the version number with your previous version)
yes
yes

This will cause it to load the older firmware, reboot, load the old firmware, reboot. After this it should be back up and running.

I hope this helps somebody
Patrick

Marvin Rhoads · ‎10-31-2020

It seems this particular interim build might have multiple issues.

I had an unrelated case last week when using it with an ASA 5525-X. Immediately after upgrading the interfaces began seeing significant input errors. TAC advised reverting to the latest 9.10 interim (as an alternative to address the latest security advisories). As soon as we reverted the problem went away. Root cause analysis / bug confirmation is still pending on that case.

timlan · ‎01-28-2021

I have also seen this bug with FP2100 running 9.12.4.7. We went into the chassis manager > Logical Devices Tab > Switched off the logical device, and uploaded 9.12.4.10 to the device once the ASA had fully stopped and the box did not reboot itself. We upgraded to 9.12.4.10 and restarted the logical device one the upgrade completed. This resolved the issue.