03-28-2018 12:46 AM - edited 02-21-2020 07:34 AM
Hi,
I have a Cisco 5516x with Firepower.
My Firepower install is at FMC version 5.4.1.
Below are my questions.
1. What is the best practice for updating the rules (System > Update > Rule Updates): on a weekly or monthly basis?
2. Is there any impact during the rule update?
3. How do I roll back in case of any issue?
04-02-2018 06:20 PM
Hi Marvin,
If we upgrade from 5.4.1 to 6.2.2, it will not affect the ASA traffic, right? (It is currently set to monitor-only.)
It requires at least 4 hours to upgrade to 6.2.2?
Thank you
04-03-2018 01:23 AM - edited 04-03-2018 01:27 AM
If your ASA Firepower service module is at 5.4.1 and being used in monitor-only mode, then an upgrade (or even uninstall) will not affect traffic through the ASA.
It would be easier to de-register it from FMC, upgrade FMC to the current 6.2.3 release (that will take several hours by itself) and then re-image the module to 6.2.3, re-register it and re-deploy the policies.
04-03-2018 01:55 AM
04-03-2018 06:34 AM - edited 04-03-2018 06:37 AM
You don't need console (ESXi) access to FMC to upgrade it. You do need to be able to transfer files you have downloaded from cisco.com onto a PC to the server via the web interface.
You do need console (ssh) access to the Firepower (sfr) service module to reimage it. If you upgraded it step-by-step instead you can do it all via the FMC but it will take most of an entire day (assuming it all goes well) vs. about 2 hours to reimage.
I really recommend you read the documentation on the above steps. It's all covered there - upgrading, re-imaging, registering, deploying policy etc. There are many good free presentations available on Cisco Live as well. You should understand the basics before logging into any production system and making significant changes.
04-12-2018 06:27 AM