By "the literature" I assume you are talking about the Cisco guides (e.g., https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/firepower-4100-9300.html). Those were written by the team that builds FXOS appliances so they focus on the tools they have developed. However it is as easy (or, I would argue, easier) to use the tried and true ASA native method.

Thanks Marvin,

(a) will work with file name : "asa9-16-2-14-lfbff-k8.SPA" ? assumingly it will just do the asa upgrade and skip the rest?

Is it also the case that the "SSP Operating System Version 2.7(1.107)" is compatible with ASA 9.16.2.x.

If it "wasnt" i would have to upgrade the underlying SSP OS before i could upgrade ASA code, thus the need to do it via the fxos cli (b). Which is done via the package file "asa9-16-2-14-lfbff-k8.SPA" ?

I dont have a unit to play around with and i be doing this remotly so as in to avoid breaking anything or re-imaging it.

regards

For ASA 9.16x, Cisco requires FXOS 2.10(1.159)+.However the lower end platforms (1100, 2100 and 3100 series) bundle the ASA software with the associated FXOS.

On a higher end platform (Firepower 4100 or 9300 series) you would upgrade the FXOS first and then the ASA software.

Thanks Mr Rhoads,

I think we are almost at the end of this discussion.

I have not checked for the image files for higher models but i thought SPA is the bundle file and it does FXOS first ( if needed ) then the ASA image.

If we do the boot via ASA cli then the FXOS has no chance to be upgraded, does it ?

So, in my case, doing (a) via asa cli is fine as fxos is compatible and like you said, may be also coz 11xx untill 3xxx asa cli + SPA file takes care of both ( FXOS and ASA ) ( not sure how but lets assume it does ).

Ok, i will go in for a test upgrade , thank you for your time.

Cant't believe that this not being put in simple words in any documentation by mighty cisco.