Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
622
Views
0
Helpful
4
Replies

Firepower 4110 and FXOS version

nevin.maurice1
Level 1
Level 1

‎05-22-2018 08:22 AM - edited ‎02-21-2020 07:47 AM

My Firepower current FXOS version is 2.2.2(28), just recently updated.  Want to apply Firepower 6.2.3 on the device, however Cisco compatibility matrix indicates I need 2.3 FXOS.  Is this absolutely required?  Every time we try to update FXOS we run into hardware problems...some are know bugs, some are not. Each time TAC has to get involved.  We just updated to 2.2.2.28 and had issues with 2 of our 4 devices (4110).  We are hesitant to update FXOS again at this time, but want to get all of our Firepower code at 6.2.3.  

Any thoughts/recommendations?  Do we need to update FXOS?

Labels:
0 Helpful
4 Replies 4

Florin Barhala
Level 6
Level 6

‎05-23-2018 01:28 AM

Obviously this will not help me, but let me get this please: if you run FXOS how come you also use Firepower?
You mean Firepower for the management server and FXOS for the security appliances?
0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Florin Barhala

‎05-23-2018 09:03 AM

@Florin Barhala FX-OS is for the physical chassis, not the logical device.

 

The logical device in this case runs a release of Firepower Threat Defense software (and the managing FMC runs a compatible release).

0 Helpful

nevin.maurice1
Level 1
Level 1
In response to Marvin Rhoads

‎05-29-2018 10:36 AM

Thanks for your reply.  And as stated, Cisco recommended keeping all versions to their suggested versions as per the compatibility matrix.  With that said, I am curious about code versions.  Maybe someone can provide confirmation for me on the following:  We have a mixed environment as this time with:

- Cisco ASA devices running ASA code

- Cisco ASA devices running ASA code and SFR(firepower services module) firepower code

- Cisco ASA devices that have been converted to FTD image running firepower code

- Cisco FTD devices (4100, 2100) running FXOS and Firepower code

 

Updating Code:

- ASA devices > update ASA code

- ASA devices with SFR > update ASA code and Firepower code (compatible versions)

- ASA devices converted to FTD > update only Firepower code (no underlying OS or FXOS to worry about)

- Cisco FTD Device 2100 > update only Firepower code as FXOS is updated as part of it

- Cisco FTD Device 4100 > update FXOS and Firepower code (compatible versions)

 

Does that sound correct?

0 Helpful

Bogdan Nita
VIP Alumni
VIP Alumni

‎05-23-2018 02:56 AM

According to this doc FXOS 2.3(1.73) is the only version that supports Firepower 6.2.3:
https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/compatibility/fxos-compatibility.html
I would not recommend upgrading to 6.2.3 without having FXOS 2.3(1.73), you could be running in a number of compatibility issues and if you open a case they will firstly recommend upgrading the FXOS to a compatible version.

 

HTH

Bogdan

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card