Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
427
Views
0
Helpful
4
Replies

FMC / FTD Update Routine

florian.hanig1
Level 1
Level 1

‎09-04-2022 11:08 PM

Hi.

We have 2 of "Firepower 1120" and 1 "Firepower Management Center (FMC)", all in Version "6.6.4".

We like to Upgrade to newer Release.

How is the update routine?
First FMC?
Then the FTD ?

Can I go directly to 6.6.7 and then to 7.0.4  ?...

Which intermediate steps have to be taken?

 

Can you help ?

0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎09-05-2022 02:12 AM

Upgrade FMC first and FTD next.

- Make sure FMC is compatable FTD version - read the release notes and understand caveats.

- If this is Cluster and HA - check upgrade process standby first and active next part of upgrade.

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/relnotes/firepower-release-notes-700/upgrade.html#Cisco_Generic_Topic.dita_f5e65f64-d2ac-4a1f-bdc5-4bd93d5d6def

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-05-2022 06:25 AM

6.6.7 to 7.0.4 is a single step upgrade.

As @balaji.bandi noted, it's always best to read and follow the release notes!

0 Helpful

Alan Inman
Level 1
Level 1

‎09-06-2022 05:45 AM

You may also want to consider upgrading to whole steps (eg. 7.0) and then applying half steps (eg. 7.0.1, 7.0.2) afterward. This was the advice given to me by TAC after I had a bad update experience. Apparently, whole steps are easier to back out of than upgrades with patches. No further explanation was given by the TAC engineer. 

0 Helpful

Alan Inman
Level 1
Level 1
In response to Alan Inman

‎09-06-2022 11:51 AM

Ah! Found it!

Choose rollback options.

"For major and maintenance upgrades, you can automatically cancel on upgrade failure and roll back to the previous version. With this option enabled, the device automatically returns to its pre-upgrade state upon upgrade failure. Disable this option if you want to be able to manually cancel or retry a failed upgrade. In a high availability or clustered deployment, auto-cancel applies to each device individually. That is, if the upgrade fails on one device, only that device is reverted."

This option is not supported for patches.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card