cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1291
Views
0
Helpful
6
Replies

How to update ASA fightsight 5.4.0 to 5.4.1?

kelvin.lui11
Level 1
Level 1

Hi all,

My Virtual Defense Center running software version: 5.4.0 , but my firepower module is 5.4.1.

After i downloaded a Sourcefire 3D Defense center S3 Patch.The fightsight shown a update failed message as below.

Task Status Your task Installing Sourcefire 3D Defense Center S3 Patch version: 5.4.1.6-40 (Local Install) failed at Mon May 9 17:27:10 2016

Update Installation Failed : [18%] Fatal error: Error running script 200_pre/007_check_sru_install.sh

So how do i update my fightsight so that i can add the firepower device ?

Thank you

6 Replies 6

kelvin.lui11
Level 1
Level 1

Here is my firepower configure.

Here is my firesight error.

Your FireSIGHT error is because it cannot manager a sensor with a higher version of software. i.e. 5.4.0.x cannot manage a 5.4.1.x sensor.

Just update your FMC to 5.4.1.x by first upgrading it to 5.4.1, then to the latest 5.4.1 patch - currently 5.4.1.6.

Marvin Rhoads
Hall of Fame
Hall of Fame

You cannot go from 5.4.0 directly to 5.4.1.6. Please note the instruction in the release notes:

To update to Version 5.4.1.6, a Defense Center must be running at least Version 5.4

http://www.cisco.com/c/en/us/td/docs/security/firesight/5407/relnotes/FireSIGHT-System-Release-Notes-version5407-and-5416.html#pgfId-631211

Updating to 5.4 will bring the Snort Rule Updates (SRU - whose check is failing per your log message) up to a level that can then be further updated with the 5.4.1.6 patch.

Further, your second message shows the module is being managed via ASDM. You need to register the module to FireSIGHT if you wish to use the FireSIGHT Management Center. Only one or the other can manage a given FirePOWER module.

Jetsy Mathew
Cisco Employee
Cisco Employee

Hello Kelvin,

In Firesight appliances, its a basic rule that the Firesight Management Center should be in a equal or higher software version than the Firepower . Thus when you upgrade the appliances, make sure that you follow this. Dont ever keep the Firesight in lower version than Firepower as this will cause the software mismatch issues.

To update to Version 5.4.1.6, a Defense Center must be running at least Version 5.4.. Thus please refer the release notes and upgrade the Defence Center (Firesight Management Center) to 5.4.1.6 and after upgrade please add the Firepower to the Management Center.

http://www.cisco.com/c/en/us/td/docs/security/firesight/5407/relnotes/FireSIGHT-System-Release-Notes-version5407-and-5416.html#pgfId-479542

What is the existing SRU version in the Firesight ?

Just make sure that you manage the module either via ASDM or Firesight .Dont try to manage the module from both .

To correct the kind of errors sru installation errors , please contact the Cisco Sourcefire TAC team since its bit complicated to correct this error by your own.As the error message suggests that the upgrade failed due to a previously failed SRU update .The upgrade will continue to fail even though a newer version of SRU update has already been successfully installed.

Rate if this post helps you.

Regards

Jetsy 

How do i check my SRU Version?

Hello Kelvin,

To know the SRU version from a Virtual Firesight Management Center GUI , navigate to Help > About on the right top hand side of the page.
There you can see the existing software version , Rule update version (SRU) and VDB version etc..
As adviced , please contact Cisco TAC to resolve the existing issues with the SRU version and continue the upgrade of the Firesight so that the Firepower can match the version .

Rate if this post helps you.

Regards
Jetsy 

Review Cisco Networking for a $25 gift card