cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4150
Views
30
Helpful
8
Replies

FirePOWER Updates

GRANT3779
Spotlight
Spotlight

From the FMC / System / Updates -

 

For Sensor patches and also FMC patches, do I need to install them one at a time or can I install the latest one only which will cover all patches beforehand?

 

E.G Lets us assume that for a sensor I have available -

 

6.1.0.1-53 - Patch
6.1.0.2-1 - Hotfix
6.1.0.2-57 - Patch
6.1.0.3-57 - Patch

 

Do I need to install all of these in order or can i go straight to the latest one? Also, what are the differences between the Hotfix and the Patches?

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

The latest patch in a given release can be installed straight away - they are cumulative. 6.1.0.5 is the current latest patch on 6.1 release; but 6.2.2. would be a better choice overall. (Of course you would have to move to 6.2.0 first)

 

Hotfixes are urgent updates released outside the patch release cycle. Usually they address one specific problem that was not uncovered during testing of the latest patch and are deemed of sufficient urgency to push them out more quickly.

View solution in original post

8 Replies 8

Marvin Rhoads
Hall of Fame
Hall of Fame

The latest patch in a given release can be installed straight away - they are cumulative. 6.1.0.5 is the current latest patch on 6.1 release; but 6.2.2. would be a better choice overall. (Of course you would have to move to 6.2.0 first)

 

Hotfixes are urgent updates released outside the patch release cycle. Usually they address one specific problem that was not uncovered during testing of the latest patch and are deemed of sufficient urgency to push them out more quickly.

Thanks Marvin.

The plan is to update to 6.2.2. I thought I had to install all the patches first.

To upgrade to 6.2.2 I assume I need to be on at least the latest patch for my current version?

I am looking to update from the FMC GUI.

What files do I need for this? I have done clean install of the sensor from CLI but never from GUI (only updates).

On Cisco download area I see the following attached files for download.

Which ones do I need to upload to GUI? I assume I won't need the .img file

 

Thanks

Any 6.1.0.x can upgrade to 6.2.0.

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/relnotes/Firepower_System_Release_Notes_Version_620/important_update_notes.html#id_38002

Once on 6.2.0, you would then patch to 6.2.2.

Generally you upgrade the FMC first, then any managed sensors.

As far as files, you use the sensor upgrade files for the Firepower modules. It's just the upgrade files - not the boot and img files - in the case of an inline upgrade.

Just like with the FMC, upgrade to 6.2.0 first then 6.2.2.

 

Hi Marvin. Following this thread. Right now I'm in version 6.4.0.7, I want to install hotfix 6.4.0.9 when it is available. Do I have to install patch 6.4.0.8 first or I can go straight to the hotfix??

 

Thanks.

 

Julio Guzmán

Hi @julioegb

Patches are cumulative, so you can always skip directly to the latest patch (within the current major version).

So no, you will not need to upgrade to 6.4.0.8 before install 6.4.0.9 (when it is available).

 

HTH

 

Usually it's like @Rob Ingram said.

But... Cisco has a bad way of numbering the hotfixes sometimes so that they resemble the patch numbering. Check the release notes always and follow that advice. Patches are cumulative and you can skip intermediate ones. True hotfixes usually have their own numbering and should be installed only on specified patch levels.

Thanks Marvin.

Few days ago Cisco released the hotfix 6.4.0.9. First I made an upgrade to patch 6.4.0.8 and then I installed the hotfix 6.4.0.9. All work well as you said. Thanks.

Review Cisco Networking for a $25 gift card