Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3161
Views
5
Helpful
5
Replies

Firepower 4140 FTD + FMC upgrade sequence and packages

Go to solution
Jorge F
Level 1
Level 1

‎05-28-2021 09:03 AM

Hi gents,

 

We're going to be upgrading a HA cluster of Firepower 4140 along with their standalone vFMC, and after reviewing all documentation two doubts remain in the back on my head:

 

Current versions:

vFMC 6.3.0

FXOS 2.6.1

FTD 6.3.0

 

Target vesions:

vFMC: 6.6.4

FXOS: 2.8.1

FTD: 6.6.4

 

1) Upgrade sequence: My understanding is FMC should go first, then FXOS on a per chassis basys, then FTD. 

 

2) A bit confused on needed packages, specifically:

 

vFMC: there's what appears to be a full VMWare install package and then the Firepower Management Center upgrade file. Which one should be going for?

FXOS: there's the FXOS full image and then four separate packages (kickstart, manager, system, MIB ...). Which one should we be going for?

FTD: Same, there's the install package along with and upgrade package.

 

 

Thanks a ton for your insights.

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-28-2021 09:38 AM

Your FMC and FTD appliance can both go directly to 6.6.4. It used to be that you had to first move to the x.x.0 release but not so with 6.6.x. For FXOS use the full image. Do that before upgrading the FTD version. You upgrade the FTD HA pair from FMC. It will take care of the Active and Standby sequencing. Redeploy to sync everything after both the FMC upgrade and the FTD upgrade.

 

Files needed and recommended order of upgrades:

FMC Upgrade: Cisco_Firepower_Mgmt_Center_Upgrade-6.6.4-59.sh.REL.tar
https://software.cisco.com/download/home/286259687/type/286271056/release/6.6.4

FX-OS upgrade: fxos-k9.2.10.1.159.SPA
https://software.cisco.com/download/home/286306179/type/286287263/release/2.10.1.159

Also upgrade to the latest firmware to address a recent Field Notice:

https://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72077.html

Firmware image v. 1.0.19 for Firepower 4000 Series: fxos-k9-fpr4k-firmware.1.0.19.SPA

You upload it via FCM (it won't appear in the GUI after uploaded but can be seen in the cli) and then install it via cli.

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/firmware-upgrade/fxos-firmware-upgrade.html#id_109996

FTD Upgrade: Cisco_FTD_SSP_Upgrade-6.6.4-59.sh.REL.tar
https://software.cisco.com/download/home/286306179/type/286306337/release/6.6.4

 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-28-2021 09:38 AM

Your FMC and FTD appliance can both go directly to 6.6.4. It used to be that you had to first move to the x.x.0 release but not so with 6.6.x. For FXOS use the full image. Do that before upgrading the FTD version. You upgrade the FTD HA pair from FMC. It will take care of the Active and Standby sequencing. Redeploy to sync everything after both the FMC upgrade and the FTD upgrade.

 

Files needed and recommended order of upgrades:

FMC Upgrade: Cisco_Firepower_Mgmt_Center_Upgrade-6.6.4-59.sh.REL.tar
https://software.cisco.com/download/home/286259687/type/286271056/release/6.6.4

FX-OS upgrade: fxos-k9.2.10.1.159.SPA
https://software.cisco.com/download/home/286306179/type/286287263/release/2.10.1.159

Also upgrade to the latest firmware to address a recent Field Notice:

https://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72077.html

Firmware image v. 1.0.19 for Firepower 4000 Series: fxos-k9-fpr4k-firmware.1.0.19.SPA

You upload it via FCM (it won't appear in the GUI after uploaded but can be seen in the cli) and then install it via cli.

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/firmware-upgrade/fxos-firmware-upgrade.html#id_109996

FTD Upgrade: Cisco_FTD_SSP_Upgrade-6.6.4-59.sh.REL.tar
https://software.cisco.com/download/home/286306179/type/286306337/release/6.6.4

 

0 Helpful

Go to solution
Jorge F
Level 1
Level 1
In response to Marvin Rhoads

‎06-24-2021 01:46 AM - edited ‎06-24-2021 01:47 AM

Hi Marvin,

 

Last query here.

FTD can be done via the FMC right? As far as I can tell and as per the below article:

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200896-Upgrading-an-FTD-HA-pair-on-Firepower-ap.html

 

I believe the above scenario applies as we have a standalone FMC taking care of two FP chassis in HA.

 

Thanks again

 

 

0 Helpful

Go to solution
rschlayer
Level 4
Level 4
In response to Jorge F

‎06-24-2021 02:29 AM

Hi @Jorge F 

yes, you upgrade the FTD via FMC in that case.

BR
Rick

Go to solution
Jorge F
Level 1
Level 1
In response to rschlayer

‎06-24-2021 08:22 AM

Awesome, thanks @rschlayer 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-28-2021 09:40 AM

yes high leve your understanding is correct. check the compatable VM requirement.

Read the release notes and compatable requirement.

 

here is the upgrade guide :

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/213269-upgrade-procedure-through-fmc-for-firepo.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card