FTD software on ASA and firmware combability

Chess Norris · ‎10-08-2020

Hi,

I have upgraded the FTD software on a couple of ASA 5508-X from version 6.3 -> 6.6.0.1

After the upgrade I noticed the following warning message in the CLI.

FPGA UPGRADE Version : 2.4
FPGA GOLDEN Version : unavailable
ROMMON Version : 1.1.13
WARNING: Platform FPGA version is older than minimum recommended image.
WARNING: Platform ROMMON version is older than minimum recommended image.

Is there anywhere I can find information on the minimum required Firmware for FTD 6.6.0.1?

I have looked at the Cisco Firepower combability guide, but cannot find any information there.

Also, after I transferred the firmware, I did a verify on the file, but got some different output.

On the first ASAs, I got this

verify asa5500-firmware-1118.SPA
Verifying file integrity of disk0:/asa5500-firmware-1118.SPA
Signature Verified

But on the second ASA, I didn't get the "Signature Verified" message.

However, if I did a SHA-512 check and compared with the file on the first firewall, they matched.

The file should be ok if the SHA-512 checked pass, right?

Thanks

Chess

ajc · ‎01-28-2021

Any update on this old case? I am getting the same error message after upgrading into 9.12.3 ASA 5516. Did it work properly for you Chess?

UPDATE: Upgrade of firmware completed. No issues.

Oliver Kaiser · ‎01-29-2021

As long as the hash lookup yields the same result you should be fine. The warning you see is probably because firmware 1.1.15 is recommended for ASA 5508-X since FTD 6.4.0 (see https://www.cisco.com/c/en/us/td/docs/security/firepower/640/relnotes/firepower-release-notes-640/compatibility.html and search for ROMMON for details).

The compatibility guide is quite extensive but it looks like that detail is missing.

Hope that helps!