Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
681
Views
0
Helpful
3
Replies

Firepower in ASA mode ignores boot statement

ronit
Level 1
Level 1

‎11-02-2022 01:59 AM

Saw a very curious issue today. 

Our estate runs Firepower 1120s in ASA mode running firmware 9.14.2.15. We found an ASA with firmware 9.16. Strangely, the 9.16 firmware was nowhere on disk0:, but after each reboot, the boot would persist to 9.16. We copied 9.14.2.15 to disk0:. changed the boot statement and rebooted, it booted again to 9.16. Whatever we tried, we couldn't get it to boot using 9.14.2.15 and 9.16 was nowhere on disk0:. Eventually, we converted the firewall back to ftd mode, comverted it back to ASA mode using 9.14.2.15 and then it stuck to 9.14.2.15. Leads me to believe a few things about the Firepowers

  1. The firmware image is stored somewhere other than disk0: because when converting from FTD to ASA mode, even after a successful conversion, the file doesn't appear in disk0:, but persists after reboot
  2. Using the boot statement to point to another file in disk0: doesn't work, it boots only to the version that was used for conversion from FTD to ASA mode. Even if the original firmware is missing from disk0:, it continues to boot to this image
  3. The only way to change from 1 ASA firmware to another ASA firmware is to roll back to FTD mode and convert to the correct image directly.

Have others noticed the same behaviour?

0 Helpful
3 Replies 3

marce1000
VIP
VIP

‎11-02-2022 04:44 AM

 

 - Issue the command show bootvar , also check the value of the configuration register , make sure the latter is as intended for production usage.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

ronit
Level 1
Level 1
In response to marce1000

‎11-03-2022 02:22 AM

I can confirm the configuration register is 0x1, I double checked. I didn't check "show bootvar" and the device is now in production. 

Is the behaviour that I saw expected or is it wrong?

0 Helpful

marce1000
VIP
VIP
In response to ronit

‎11-03-2022 04:36 AM

 

 - We will still need show bootvar output , when time permits , to confirm whether there is a problem or not ,the configuration register that  you show seems incomplete.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card