Solved: Re: FTD Upgrade question

benolyndav · ‎06-20-2022

HI

Our FMC is already on version 7.0.1 and x2 FTD still running version 6.6.x I want to upgrade one of the FTD's will this be ok to have one FTD on version 7.0.1 and the other FTD on version 6.6.x, im just think about the Snort versions thats all,.??

Thanks

Rob Ingram · ‎06-21-2022

@benolyndav when you upgrade a managed device to 7.x snort remains at version 2, until you explictly configure Snort 3. So perhaps convert to Snort 3 only after you've migrated all your FTDs.

View solution in original post

Rob Ingram · ‎06-21-2022

@benolyndav are the FTD's in an Active/Standby pair or 2 separate FTDs?

If an Active/Standby you would upgrade the standby device, so that the active device continues handling traffic. After the upgrade completes, you switch roles and again upgrade the standby unit. So for period you are running on the new Active running 7.x, at which point you can determine whether any issues or not, then decide to upgrade the new standby or rollback.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/upgrade/device-manager/710/upgrade-fdm-710/upgrade-threat-defense.html#task_AE850BD023684725BBA13AEC03BFE1DF

benolyndav · ‎06-21-2022

Hi

Thanks for that, these x2 FTD's are not in HA they are in different locations but managed by the same FMC.

Thanks

Rob Ingram · ‎06-21-2022

@benolyndav when you upgrade a managed device to 7.x snort remains at version 2, until you explictly configure Snort 3. So perhaps convert to Snort 3 only after you've migrated all your FTDs.