FMC/FTD Upgrade question

benolyndav · ‎06-08-2020

Hello

Currently have x2 FTD 2120's and FMC 1000 all running version 6.3, I'm considering upgrading straight to 6.5 and am wondering is this advisable or would i be safer stepping up one major version at a time, 6.4 then 6.5. ? from what i read if there is a problem with a major version upgrade then the FTD has to be re imaged and then restored from backup which cannot be done from FMC.? Is there any other way off restoring the backup other than WINSCP ?

thanks

balaji.bandi · ‎06-08-2020

You can upgrade from 6.3 to 6.5 directly below the matrix will help you :

https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/plan_upgrade_path.html

FMC has backup - make sure to take a backup before and after the upgrade.

Read the release notes carefully before the upgrade.

if the device in HA you need to follow the below method :

https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/upgrade_paths.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

balaji.bandi · ‎06-09-2020

Agreed what is required version to upgrade based on totally business decision what feature required.

As per the orginal post - the user looking to upgrade from 6.3 to 6.5 so based on that i was suggest the process.

I do agree that every version have still open caveats, this need to verified before upgrade. (but cisco keep improving with new version for now 6.6 also come up.)

if 6.5 release notes meets your requirement, i would still go with 6.5 since it got lot more improvements.

you can compare both release notes :

6.4

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/relnotes/firepower-release-notes-640/features.html

6.5

https://www.cisco.com/c/en/us/td/docs/security/firepower/650/relnotes/firepower-release-notes-650.html

Personally i go with 6.5 (based on the improvements and bug fixes).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rob Ingram · ‎06-08-2020

Hi,
As previously mentioned you can upgrade directly to 6.5.

Do you need to upgrade to 6.5 for features that are not available in 6.4? 6.4.0.7 is currently the recommended version and 6.5 is a short-term release, if you do not need any of the features of 6.5, I'd go with 6.4 now and then upgrade to 6.6 (long term release) once it becomes the recommended version.

HTH

benolyndav · ‎06-09-2020

Hi Rob

Thanks for the reply couple more questions if you dont mind

When I go to Cisco site for software and select 6.4 I see the below message which advises to upgrade to 6.4.0.7 from any of these versions, then when I select 6.4.0.7 I see the 2 options below do I need both and can I upgrade straight to 6.4.0.7 from 6.3..0 its all very confusing for me I don’t seem to find anything that explains it simpler online.

If you are running Versions 6.1.0.x, 6.2.0.x, 6.2.2.x, 6.2.3.x, 6.3.0.x, or 6.4.0.x we recommend upgrading to Version 6.4.0.7 to take advantage of resolved issues. For details, see the release notes.

Rob Ingram · ‎06-09-2020

Hi @benolyndav

You would need to upgrade to the major version first, which would be 6.4.0, you then install the latest patch (6.4.0.7).

Reference

https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/plan_upgrade_path.html#id_69842

HTH