09-23-2019 03:22 AM - edited 02-21-2020 09:30 AM
Hi,
I have FTD running on an intra-chassis cluster of FPR9300 devices. I have built the FTDs from the base image "cisco-ftd.6.3.0.85.SPA.csp", but I wanted to upgrade them to "cisco_FTD_SSP_Patch-6.3.0.3-77.sh.REL.tar" before adding them to my FMC. I can't find any document on how I can do this. Is it only possible from FMC?
Can someone please help me with how I can do this manually?
09-23-2019 04:27 AM - edited 09-23-2019 04:30 AM
You can install FTD patches manually.
https://ciscoskills.net/2017/07/12/update-firepower-devices-manually/
That said, a better version would be 6.4.0.4. Cisco just recently recommended that release as the "Gold Star" release.
https://software.cisco.com/download/home/286287252/type/286306337/release/6.4.0.4
It does require that your FXOS is at 2.6(1.157)+.
https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/compatibility/fxos-compatibility.html
Redeploy the logical device using the 6.4.0 base image and then patch to update to 6.4.0.4.
Of course, your FMC must be at or above the release of all managed devices.
09-23-2019 08:50 AM
Thanks for your valuable reply. Is it the same for this file extension, cisco_FTD_SSP_Patch-6.3.0.3-77.sh.REL.tar?
Also, WinSCP doesn't seem to connect to FTD. Any suggestion on the best app I can use?
09-23-2019 09:17 AM
I’m not sure what you mean by your first question. Is what the same?
Try using the FTD devices as an FTP client. Host the file on your FTP server - I use FileZilla - and copy from there using the Linux shell in expert mode.
09-23-2019 09:32 AM
It's regarding the manual update query.
The example link you pasted above indicates that a file with the .sh extension is used to manually update the FTD.
The file I have downloaded has a different file extension compared to your example.
As mentioned in my previous post, I am trying to upgrade my base image to 3.0.3-77, but that has a .tar extension at the end. Do I need to download a .SH extension file in order to upgrade it? I am confused: what's the difference between these two file extensions?
09-23-2019 10:06 PM
In more recent versions Cisco has stopped using the plain shell script packages (.sh) and switched to a signed release. They bundle the bundle.sig and .sh files together into a tarball (.tar file).
If you untar (extract) them using the Linux tar utility (or 7-zip or a similar program) you will find the .sh patch file within.
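The bundle layout described in the last reply can be checked before anything is extracted. The following is an added example, not part of the thread and not Cisco tooling: it lists the tarball's members, rejects unsafe paths, and confirms one .sh file and a .sig file are present. The function names and the sample file names are hypothetical, and the member naming inside a real bundle is assumed from the reply.

```shell
#!/bin/sh
# Added example. Member names (*.sh, *.sig) follow the thread's description;
# the exact names inside a real vendor bundle are an assumption.

# inspect_bundle TARBALL: list members without extracting and check the layout.
# Returns 0 if acceptable, 2 unreadable, 3 unsafe path, 4 or 5 missing parts.
inspect_bundle() {
    members=$(tar -tf "$1") || return 2
    sh_count=0
    sig_count=0
    while IFS= read -r m; do
        case $m in
            /*|..|../*|*/..|*/../*) echo "unsafe member path: $m" >&2; return 3 ;;
        esac
        case $m in
            *.sh)  sh_count=$((sh_count + 1)) ;;
            *.sig) sig_count=$((sig_count + 1)) ;;
        esac
    done <<EOF
$members
EOF
    [ "$sh_count" -eq 1 ] || { echo "expected 1 .sh member, found $sh_count" >&2; return 4; }
    [ "$sig_count" -ge 1 ] || { echo "no .sig member found" >&2; return 5; }
}

# extract_bundle TARBALL DESTDIR: extract only after the listing passes,
# then print the path of the patch script.
extract_bundle() {
    inspect_bundle "$1" || return $?
    mkdir -p "$2" && tar -xf "$1" -C "$2" || return 2
    find "$2" -type f -name '*.sh'
}

# make_sample_bundle DIR NAME [nosig]: build a constructed tarball for a dry run.
make_sample_bundle() {
    mkdir -p "$1/src"
    printf '#!/bin/sh\necho constructed patch\n' > "$1/src/sample_patch.sh"
    if [ "$3" = nosig ]; then
        tar -cf "$1/$2" -C "$1/src" sample_patch.sh
    else
        printf 'constructed-signature\n' > "$1/src/bundle.sig"
        tar -cf "$1/$2" -C "$1/src" sample_patch.sh bundle.sig
    fi
}

# Dry run on constructed data: prints the extracted script's path.
d=$(mktemp -d) && make_sample_bundle "$d" demo.tar && extract_bundle "$d/demo.tar" "$d/out"
```

Passing this check only confirms the layout and safe member paths; it does not validate the signature itself.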