Solved: Re: FirePOWER Updates

GRANT3779 · ‎09-20-2017

From the FMC / System / Updates -

For Sensor patches and also FMC patches, do I need to install them one at a time or can I install the latest one only which will cover all patches beforehand?

E.G Lets us assume that for a sensor I have available -

6.1.0.1-53 - Patch
6.1.0.2-1 - Hotfix
6.1.0.2-57 - Patch
6.1.0.3-57 - Patch

Do I need to install all of these in order or can i go straight to the latest one? Also, what are the differences between the Hotfix and the Patches?

Marvin Rhoads · ‎09-20-2017

The latest patch in a given release can be installed straight away - they are cumulative. 6.1.0.5 is the current latest patch on 6.1 release; but 6.2.2. would be a better choice overall. (Of course you would have to move to 6.2.0 first)

Hotfixes are urgent updates released outside the patch release cycle. Usually they address one specific problem that was not uncovered during testing of the latest patch and are deemed of sufficient urgency to push them out more quickly.

View solution in original post

Marvin Rhoads · ‎09-20-2017

The latest patch in a given release can be installed straight away - they are cumulative. 6.1.0.5 is the current latest patch on 6.1 release; but 6.2.2. would be a better choice overall. (Of course you would have to move to 6.2.0 first)

Hotfixes are urgent updates released outside the patch release cycle. Usually they address one specific problem that was not uncovered during testing of the latest patch and are deemed of sufficient urgency to push them out more quickly.

GRANT3779 · ‎09-20-2017

Thanks Marvin.

The plan is to update to 6.2.2. I thought I had to install all the patches first.

To upgrade to 6.2.2 I assume I need to be on at least the latest patch for my current version?

I am looking to update from the FMC GUI.

What files do I need for this? I have done clean install of the sensor from CLI but never from GUI (only updates).

On Cisco download area I see the following attached files for download.

Which ones do I need to upload to GUI? I assume I won't need the .img file

Thanks

Marvin Rhoads · ‎09-20-2017

Any 6.1.0.x can upgrade to 6.2.0.

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/relnotes/Firepower_System_Release_Notes_Version_620/important_update_notes.html#id_38002

Once on 6.2.0, you would then patch to 6.2.2.

Generally you upgrade the FMC first, then any managed sensors.

As far as files, you use the sensor upgrade files for the Firepower modules. It's just the upgrade files - not the boot and img files - in the case of an inline upgrade.

Just like with the FMC, upgrade to 6.2.0 first then 6.2.2.

julioegb · ‎05-14-2020

Hi Marvin. Following this thread. Right now I'm in version 6.4.0.7, I want to install hotfix 6.4.0.9 when it is available. Do I have to install patch 6.4.0.8 first or I can go straight to the hotfix??

Thanks.

Julio Guzmán

Rob Ingram · ‎05-14-2020

Hi @julioegb

Patches are cumulative, so you can always skip directly to the latest patch (within the current major version).

So no, you will not need to upgrade to 6.4.0.8 before install 6.4.0.9 (when it is available).

HTH

Marvin Rhoads · ‎05-14-2020

Usually it's like @Rob Ingram said.

But... Cisco has a bad way of numbering the hotfixes sometimes so that they resemble the patch numbering. Check the release notes always and follow that advice. Patches are cumulative and you can skip intermediate ones. True hotfixes usually have their own numbering and should be installed only on specified patch levels.

julioegb · ‎05-14-2020

Thanks Marvin.

julioegb · ‎05-22-2020

Few days ago Cisco released the hotfix 6.4.0.9. First I made an upgrade to patch 6.4.0.8 and then I installed the hotfix 6.4.0.9. All work well as you said. Thanks.