Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1293
Views
2
Helpful
3
Replies

FPR: After successful patch installation old release was indicated

Go to solution
swscco001
Level 3
Level 3

‎01-18-2024 11:34 PM

Hello everybody,

our customer is running FMCv rel. 7.2.5.1 and has a HA cluster of two Firepower 1120 running rel.7.2.5.

I installed the Cisco FTD SSP FP1K Hotfix BJ 7.2.5.1-1 patch successful (see screen dump) but
thereafter the FMC shows the old release (see screen dump). The red bubble on the devices
is because the interface monitoring is enabled and the interfaces seems no to receive packets
(see screen dump). I don't think it has something to do with the patch installation issue.

Also on the CLI after a successful installtion the old release was indicated:

root@firewall-01:/ngfw/var/log/sf# tail /ngfw/var/log/sf/Cisco_FTD_SSP_FP1K_Hotfix_BJ-7.2.5.1/status.log
ui: Upgrade in progress: (97% done). Finishing the upgrade... (999_finish/999_y02_python2_pth_clean.sh)
ui: Upgrade in progress: (98% done). Finishing the upgrade... (999_finish/999_z_must_remain_last_finalize_boot.sh)
ui: Upgrade in progress: (98% done). Finishing the upgrade... (999_finish/999_zz_install_bundle.sh)
ui: Upgrade in progress: (99% done). Finishing the upgrade... (999_finish/999_zzz_complete_upgrade_message.sh)
ui: Upgrade complete
ui: The system will now reboot.
ui:System will now reboot.
ui: Upgrade completed successfully. Applications are starting.
ui: Upgrade completed with FTD started successfully
state:finished


> show version
-----------[ firewall-01.knowisag.local ]-----------
Model                     : Cisco Firepower 1120 Threat Defense (78) Version 7.2.5 (Build 208)
UUID                      : 07a44e1c-e9e6-11ea-8a35-d71662f073a9
Rules update version      : 2024-01-16-001-vrt
VDB version               : 377
----------------------------------------------------

Do you have an explanation for this and how can I fix this?

Thanks a lot!



Bye
R.

Preview file
55 KB
Preview file
94 KB
Preview file
111 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to swscco001

‎01-19-2024 04:26 AM - edited ‎01-19-2024 05:39 AM

Yes, that's correct @swscco001 . Hotfix installation status will never show up in the normal GUI display (at least as of the current latest version 7.4.1).

View solution in original post

3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-19-2024 12:59 AM

The hotfix version will not show from the GUI or clish.

Go into expert mode on the FTD cli and run "rpm -qa" as root ("sudo su -" first or sudo the command).

https://community.cisco.com/t5/network-security/determine-or-verify-hotfix-version-firepower-threat-defense-ftd/td-p/4087696

Go to solution
swscco001
Level 3
Level 3
In response to Marvin Rhoads

‎01-19-2024 01:13 AM

Hi Marvin,

thanks for your fast reply.

On the CLI I get the folowing:

admin@firewall-01:~$ sudo su -
Password:
root@firewall-01:~# rpm -qa
Aquila_Network_Sensor-Intel-7.2.5-208.x86_64
root@firewall-01:~#
root@firewall-01:~#
root@firewall-01:~# cat /etc/sf/patch_history
6.4.0-102
6.6.1-91
6.6.4-64
6.6.5-81
7.0.4-55
7.0.5-72
7.2.5-208
Hotfix_BJ-1__126236992

If I understand this correctly the installed Cisco FTD SSP FP1K Hotfix BJ 7.2.5.1-1 is not a normal patch but just a HotFix and that's why I don't see a changed version in the FMC or 'show version' output?

Thanks a lot!



Bye
R.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to swscco001

‎01-19-2024 04:26 AM - edited ‎01-19-2024 05:39 AM

Yes, that's correct @swscco001 . Hotfix installation status will never show up in the normal GUI display (at least as of the current latest version 7.4.1).

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card