Hi, I have to upgrade our Firepowers 2110 running just as FTD (ASA not deployed) for first time and I would like to confirm the steps I should follow in order to try to do not miss anything. Checking the Cisco documents I have found that I can directly upgrade from 6.2 to 6.4 and the are the steps:
1- Upload the software version to FMC.
2- Upgrade FMC.
3- Upgrade Standby FTD from FMC.
4- Perform a failover and test former Standby FTD to check if everything is working properly.
5- Upgrader former Active FTD from FMC.
6- Perform a failover again and test everything.
Is this ok? Plus I have another question, will the current embedded ASA image will also get automatically upgraded when I perform the FXOS upgrade? Thank you very much.
For an FMC-managed HA pair of Firepower 2110 appliances running FTD you upgrade the pair as a single operation from FMC. It takes care of sorting out the pair and upgrading one at a time, doing failover etc.
Also, after upgrading FMC to 6.4.0 (or any new FMC version), redeploy to the managed devices before doing anything else.
The FTD image for Firepower 2100 series includes all the necessary software - the embedded LINA ("ASA") code as well as Firepower and FX-OS.
Once you get to 6.4.0, proceed to install the latest patch (currently 126.96.36.199) for both FMC and the managed devices.
The Cisco Secure Firewall and SecureX teams are looking for feedback from active Secure Firewall users who may or may not have already activated SecureX. Your responses will help us improve the Firepower experience in SecureX. Th...
Related documentsCisco ISE (Identity Services Engine) IPv6 features by release2.6ISE ManagementNetwork Time Protocol SupportDomain Name System SupportExternal RepositoriesAudit Logs and ReportsSimple Network Management ProtocolAccess Control Lists And Dyn...
Site to Site IPSec VPN with Dynamic IP Endpoint is typically used when we have a branch sites which obtains a dynamic public IP from the Internet ISP. For example an ADSL connection.One important note is that Site-to-Site VPN with Dynamic remote routers P...
On R1, configure a key ring that defines the peer R3:Address: 188.8.131.52Local and remote pre-shared key: cisco R1(config)#crypto ikev2 keyring KRR1(config-ikev2-keyring)# peer R3R1(config-ikev2-keyring-peer)# address 184.108.40.206R1(config-ikev2-keyring-pee...