Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
805
Views
5
Helpful
2
Replies

FMCv Upgrade to 6.4.0.4

Go to solution
willieh
Level 1
Level 1

‎10-25-2019 09:51 AM - edited ‎02-21-2020 09:38 AM

Hello all,

 

I'm new to the whole FMCv with FTD setup so bear with me... In production we have an FMCv running 6.2.3.2 with two FTD2120s in HA pair running the same version (6.2.3.2). I am looking to upgrade the FMCv and FTD's to the latest starred version (6.4.0.4), but was looking for any pointers that could be given? I have downloaded the update and the patch and have put both on the FMCv, but between the release notes and other documents I'm a litte hesitant to perform the upgrade. It seems to me that this upgrade would require no downtime since upgrading the FMCv wouldn't cause the firewalls to drop packets. Also, having the FTDs in HA it seems the secondary FTD would upgrade first then perform a failover for the primary to upgrade, leaving the secondary as the primary after the update.

 

Is there anyone that has a similar setup that can provide some information? I'm working to schedule a maintenance window just in case there is downtime, but the release notes are making that difficult for me. Help in any form would be greatly appreciated.

 

 

Thanks in advance!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎10-25-2019 01:14 PM

Hi,
Upgrading the FMCv would not cause the firewalls to drop packets, they will operate as before, however obviously they will be unable to send logs to the FMC. As there is only 1 FMC, if you have AMP or ISE integration to the FMC this would be impacted.

 

This doc describes the FTD HA pair procedure, the only thing not required to do on your 2120s is to upgrade FXOS. It's relatively straight forward procedure.

 

Even though there should not be any impact, schedule a downtime window regardless and obviously take a backup of the FMC.

 

HTH

View solution in original post

2 Replies 2

Go to solution
Rob Ingram
VIP
VIP

‎10-25-2019 01:14 PM

Hi,
Upgrading the FMCv would not cause the firewalls to drop packets, they will operate as before, however obviously they will be unable to send logs to the FMC. As there is only 1 FMC, if you have AMP or ISE integration to the FMC this would be impacted.

 

This doc describes the FTD HA pair procedure, the only thing not required to do on your 2120s is to upgrade FXOS. It's relatively straight forward procedure.

 

Even though there should not be any impact, schedule a downtime window regardless and obviously take a backup of the FMC.

 

HTH

Go to solution
willieh
Level 1
Level 1
In response to Rob Ingram

‎10-28-2019 12:00 PM

Thank you for your quick response! That was exactly what I was looking for.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card