Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4369
Views
40
Helpful
7
Replies

FMC Upgrade rollback 6.6 to 6.4

Go to solution
Luis Seyler
Level 1
Level 1

‎11-19-2021 06:45 AM - edited ‎11-19-2021 06:46 AM

Hi! I'm planning a firepower upgrade from 6.4 to 6.6 and need to add a rollback procedure, and was wondering if I needed to re-image the device or there is something easier like uninstalling a patch?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-19-2021 06:56 AM - edited ‎11-19-2021 06:59 AM

Only since 6.7 and higher releases (and only for FDM) do we have the option to rollback a minor or major release upgrade.

https://www.cisco.com/c/en/us/td/docs/security/firepower/670/relnotes/firepower-release-notes-670/m_uninstall-an-update.html#Cisco_Concept.dita_f85c578d-c536-4f3c-af7d-7b4ae8f4448b

So in the case of a 6.6 upgrade, rollback would require a lot of work - reimaging in the case of a hardware appliance.

If it is a VM, you could shutdown the server and snapshot it prior to upgrade.

View solution in original post

7 Replies 7

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎11-19-2021 06:56 AM - edited ‎11-19-2021 06:59 AM

Only since 6.7 and higher releases (and only for FDM) do we have the option to rollback a minor or major release upgrade.

https://www.cisco.com/c/en/us/td/docs/security/firepower/670/relnotes/firepower-release-notes-670/m_uninstall-an-update.html#Cisco_Concept.dita_f85c578d-c536-4f3c-af7d-7b4ae8f4448b

So in the case of a 6.6 upgrade, rollback would require a lot of work - reimaging in the case of a hardware appliance.

If it is a VM, you could shutdown the server and snapshot it prior to upgrade.

Go to solution
Luis Seyler
Level 1
Level 1
In response to Marvin Rhoads

‎11-19-2021 07:04 AM

That what I was afraid of, hopefully it won't come to that as I have a hardware appliance.

Thanks!

0 Helpful

Go to solution
Jordan-s
Level 1
Level 1
In response to Marvin Rhoads

‎12-30-2021 12:12 PM

Thanks for answer Marvin! but won't taking a snapshot for virtual FMC cause an issue to the existing one like what happens to ISE for example? just asking to see if that's the case?

 

Thanks!

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-31-2021 06:52 AM - edited ‎01-01-2022 06:55 PM

@Jordan-s snapshots don't "break" FMC like they often do with ISE. FMC uses a different db under the covers. ISE uses Oracle vs. FMC which uses SAP (formerly Sybase) SQL Anywhere plus my SQL (and Monet db in newer releases).

If you want to be extra careful, you can shutdown the server first and then snapshot the VM.

Go to solution
Jordan-s
Level 1
Level 1
In response to Marvin Rhoads

‎12-31-2021 07:38 AM - edited ‎12-31-2021 07:38 AM

Thanks for the answer and the suggestion.

Thanks!

0 Helpful

Go to solution
Chess Norris
Level 4
Level 4
In response to Jordan-s

‎06-01-2022 04:47 AM

There is a rollback script - "upgrade_rollback.sh" - that you can run from the FMC in expert mode. I am not sure from what version this function was availible, but I recently reverted a failed 6.6.5 upgrade back to 6.4, using this script.

 

/Chess

Go to solution
Jordan-s
Level 1
Level 1
In response to Chess Norris

‎06-01-2022 06:23 AM

Thanks for your feedback. I will look into it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card