I'm encountering uploading IOS image on the ASA5508 & FTD same box

anil-kumar2 · ‎07-08-2024

Hi All,

I need your help.

I have a Cisco ASA5508 box which will act as an FTD. My requirement is to upgrade the IOS on ASA5508 first, and then proceed with FTD.

Currently, my Cisco ASA5508 is running Version 9.9(2)91, and there are vulnerabilities that require me to upload ASA IOS version 9.9.16 or later.

However, when I log into the CLI, I get the prompt ">", indicating I am not in ASA Privilege mode but rather in the FTD mode.

I need assistance on how to upload the ASA firmware without impacting the FTD setup since this is a standalone box.

My main goal is to upload the IOS on ASA5508 and subsequently install the .tar image on the FTD box.

========================

I also attempted an FTD version upgrade as follows:

I have a Cisco ASA5508 which is currently set up to act as an FTD. I planned to first upload the new FTD version and then proceed with ASA.

I attempted to upload the image into the FTD 6.6.7.XXXX by copying the .tar file onto the box. However, I encountered an issue where the prompt displayed ">" upon logging in.

I tried to execute the command "system support diagnostic-all" which requires a BASH prompt. When I ran the command "ls -l /var/sf/updates/", the output showed:

admin@FTD5508X-FR-BDX:/var/sf/updates$ ls -l
total 2230544
-rw-r--r-- 1 root root 242 Dec 1 2020 Cisco_FTD_Patch-6.2.3.16-59.sh.REL.tar.METADATA
-rwxr-xr-x 1 root bin 215040 Dec 1 2020 Cisco_FTD_Patch_Uninstaller-6.2.3.16-59.sh.REL.tar
-rw-r--r-- 1 root root 226 Dec 1 2020 Cisco_FTD_Patch_Uninstaller-6.2.3.16-59.sh.REL.tar.METADATA
-rwxr-xr-x 1 root bin 215040 Jun 30 04:13 Cisco_FTD_Patch_Uninstaller-6.2.3.18-50.sh.REL.tar
-rw-r--r-- 1 root root 226 Jun 30 07:43 Cisco_FTD_Patch_Uninstaller-6.2.3.18-50.sh.REL.tar.METADATA
-rwxr-xr-x 1 www www 1247170560 Jul 6 04:53 Cisco_FTD_Upgrade-6.6.7-223.sh.REL.tar
I attempted to install the FTD version using the command:

admin@FTD5508X-FR-BDX:/var/sf/updates$ sudo install_update.pl /var/sf/updates/Cisco_FTD_Upgrade-6.6.7-223.sh
However, it resulted in the error:

ARGV[0] = --detach
ARGV[1] = /var/sf/updates/Cisco_FTD_Upgrade-6.6.7-223.sh.REL.tar
install_update.pl begins. bundle_filepath: /var/sf/updates/Cisco_FTD_Upgrade-6.6.7-223.sh.REL.tar
We need 10215004 Kilobytes in /ngfw/var/tmp. Available only 3670016. at /ngfw/usr/local/sf/bin/install_update.pl line 580.
I have attempted to clear temporary files without success, and the home directory is now 92% full. I need guidance on which files can be safely deleted.

Memory usage details are as follows:

admin@FTD5508X-FR-BDX:/var/sf/updates$ df -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 3.9G 440K 3.9G 1% /run
tmpfs 3.9G 32K 3.9G 1% /var/volatile
none 3.8G 21M 3.8G 1% /dev
/dev/sdb1 6.9G 3.8G 3.2G 55% /mnt/disk0
/dev/mapper/root 3.7G 982M 2.6G 28% /ngfw
/dev/mapper/var 62G 54G 5.0G 92% /home
tmpfs 3.9G 0 3.9G 0% /dev/cgroups

@Jonatan Jonasson

Marvin Rhoads · ‎07-08-2024

An ASA hardware appliance runs either with ASA image or FTD image. Yours is running FTD image. The ASA 5508-X is past end of sales but can be upgraded to the latest 7.0.x release of FTD.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/threat-defense-compatibility.html#id_34136

FTD versions have a bundled LINA code (Linux ASA - roughly equivalent to ASA). The bundled LINA code is automatically installed when you upgrade FTD and is never installed separately. for instance, 7.0.6.2 includes 9.16(4.57) and all associated bug fixes.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/threat-defense-compatibility.html#id_67425

To address the space issue, you will need to cleanup several files. You can run a command to see which are taking the most space. for example, try these commands as root user (from clish, type expert and then sudo su -):

df -hT /ngfw
find /ngfw -type f -exec du -Sh {} + | sort -rh | head -n 15

...and share the output.

anil-kumar2 · ‎07-08-2024

Hi Marvin,

Thank you for your quick response

admin@FTD5508X-FR-BDX:~$ df -hT /ngfw
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/root ext4 3.7G 982M 2.6G 28% /ngfw
admin@FTD5508X-FR-BDX:~$

anil-kumar2 · ‎07-08-2024

head -n 15508X-FR-BDX:~$ sudo find /ngfw -type f -exec du -Sh {} + | sort -rh | h
2.1G /ngfw/var/log/ntp.log
2.1G /ngfw/Volume/6.2.3/log/ntp.log
1.6G /ngfw/Volume/.swaptwo
1.2G /ngfw/var/sf/updates/Cisco_FTD_Upgrade-6.6.7-223.sh.REL.tar
1.2G /ngfw/usr/local/sf/updates/Cisco_FTD_Upgrade-6.6.7-223.sh.REL.tar
1.2G /ngfw/Volume/6.2.3/sf/updates/Cisco_FTD_Upgrade-6.6.7-223.sh.REL.tar
1.1G /ngfw/var/sf/backup/20240703193000.NGFW_backup.BackupProd.tar
1.1G /ngfw/usr/local/sf/backup/20240703193000.NGFW_backup.BackupProd.tar
1.1G /ngfw/Volume/6.2.3/sf/backup/20240703193000.NGFW_backup.BackupProd.tar
905M /ngfw/var/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-3/ssl-nse-debug.log.1686384688
905M /ngfw/usr/local/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-3/ssl-nse-debug.log.1686384688
905M /ngfw/Volume/6.2.3/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-3/ssl-nse-debug.log.1686384688
887M /ngfw/var/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-1/ssl-nse-debug.log.1686384688
887M /ngfw/usr/local/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-1/ssl-nse-debug.log.1686384688
887M /ngfw/Volume/6.2.3/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-1/ssl-nse-debug.log.1686384688

anil-kumar2 · ‎07-08-2024

Hi Marvin,

Could you please advise on the next plan of action regarding this? We only have 2GB of space available. Based on the above output, which files should we remove?

Can we try to install the image in Disk0? if yes i copied the file in Disk0 but there is no Install command in Firepower..

Thank you.

Marvin Rhoads · ‎07-08-2024

The .log files listed in your large files output can all be safely deleted. Also, you can copy the .tar backupp file off box and then safely delete the local copy.

anil-kumar2 · ‎07-08-2024

Hi Marvin,

i am going to delete below files and .bakcup.tar file moving to Disk0:

please confirm from your end is this correct files your referring

Kindly confirm if anything i missing here.

2.1G /ngfw/var/log/ntp.log
2.1G /ngfw/Volume/6.2.3/log/ntp.log
905M /ngfw/var/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-3/ssl-nse-debug.log.1686384688
905M /ngfw/usr/local/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-3/ssl-nse-debug.log.1686384688
905M /ngfw/Volume/6.2.3/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-3/ssl-nse-debug.log.1686384688
887M /ngfw/var/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-1/ssl-nse-debug.log.1686384688
887M /ngfw/usr/local/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-1/ssl-nse-debug.log.1686384688
887M /ngfw/Volume/6.2.3/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-1/ssl-nse-debug.log.1686384688

Removing :-
sudo rm /ngfw/var/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-3/ssl-nse-debug.log.1686384688
sudo rm /ngfw/usr/local/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-3/ssl-nse-debug.log.1686384688
sudo rm /ngfw/Volume/6.2.3/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-3/ssl-nse-debug.log.1686384688

sudo rm /ngfw/var/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-1/ssl-nse-debug.log.1686384688
sudo rm /ngfw/usr/local/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-1/ssl-nse-debug.log.1686384688
sudo rm /ngfw/Volume/6.2.3/sf/detection_engines/542263a8-a20f-11e8-be11-4a2d072cfdf8/instance-1/ssl-nse-debug.log.1686384688

&

i am going to copy this backup.tar file to Disk0

sudo cp /ngfw/var/sf/backup/20240703193000.NGFW_backup.BackupProd.tar /path/to/Disk0
sudo cp /ngfw/usr/local/sf/backup/20240703193000.NGFW_backup.BackupProd.tar /path/to/Disk0
sudo cp /ngfw/Volume/6.2.3/sf/backup/20240703193000.NGFW_backup.BackupProd.tar /path/to/Disk0

&

and i have backup file in Disk0 for .Tar please find the below,

FTD5508X-FR-BDX# dir disk0:

Directory of disk0:/

115 -rwx 103582240 00:55:18 Mar 26 2018 os.img
116 -rwx 47 06:44:52 Jul 06 2024 .boot_string
117 -rwx 152098 11:07:30 Aug 17 2018 install.log
15 drwx 4096 09:35:46 Sep 26 2018 log
22 drwx 4096 15:36:12 Dec 06 2019 crypto_archive
23 drwx 4096 11:26:46 Aug 17 2018 coredumpinfo
118 drwx 258048 14:52:30 Jul 05 2024 cd-delta
119 drwx 4096 12:43:54 Jun 26 2024 anyconncprofs
120 drwx 4096 12:43:54 Jun 26 2024 anyconnpkgs
121 -rwx 662560 01:27:30 Aug 02 2020 crashinfo_20200802_012726_UTC
122 -rwx 718515 00:32:36 Aug 03 2020 crashinfo_20200803_003212_UTC
123 -rwx 733733 00:43:54 Aug 03 2020 crashinfo_20200803_004338_UTC
124 -rwx 733592 01:49:08 Aug 03 2020 crashinfo_20200803_014852_UTC
125 -rwx 690846 06:15:52 Oct 09 2020 crashinfo_20201009_061537_UTC
126 -rwx 23574 14:34:30 Dec 01 2020 2020-12-01_running_config.cfg
127 -rwx 24623 04:08:30 Jun 30 2024 backup-config.cfg
128 -rwx 24623 04:08:30 Jun 30 2024 startup-config
129 -rwx 19445 04:08:30 Jun 30 2024 modified-config.cfg
130 -rwx 24161 15:37:40 Jul 05 2024 2024-JUL-05_running_config.cfg
131 -rwx 1247170560 04:43:46 Jul 06 2024 Cisco_FTD_Upgrade-6.6.7-223.sh.REL.tar
132 -rwx 1247160320 22:01:42 Jul 13 2022 bundle.tar
133 -rwx 256 22:01:46 Jul 13 2022 bundle.sig
134 -rwx 1247148337 06:20:10 Jul 06 2024 Cisco_FTD_Upgrade-6.6.7-223.sh

17 file(s) total size: 3848869530 bytes
7366520832 bytes total (3383050240 bytes free/45% free)

Marvin Rhoads · ‎07-08-2024

Your remove commands (rm) are fine.

I believe there is only one copy of "20240703193000.NGFW_backup.BackupProd.tar". the other listings are symbolic links. Also, you should move it (mv), not copy it (cp).

anil-kumar2 · ‎07-08-2024

Hi Marvin,

after i apply RM .. i am not seeing any outputs for below commands

admin@FTD5508X-FR-BDX:~$ df -hT /ngfw
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/root ext4 3.7G 982M 2.6G 28% /ngfw
admin@FTD5508X-FR-BDX:~$ sudo find /ngfw -type f -exec du -Sh {} + | sort -rh | en
bash: en: command not found

but i am seeing many logs in this command

sudo find /ngfw -type f -exec du -Sh {} + | sort -rh

anil-kumar2 · ‎07-08-2024

I am unable to find the file for this command; does this mean it has deleted everything? How can I check the status of the following files? I have not yet moved the file

admin@FTD5508X-FR-BDX:~$ find /ngfw/var/sf/backup/ -name "NGFW_backup.BackupProd.tar"
admin@FTD5508X-FR-BDX:~$

anil-kumar2 · ‎07-08-2024

Hi Marvin

i find the file as below

admin@FTD5508X-FR-BDX:/ngfw/var/sf/backup$ ls -l
total 1079480
-rw-r--r-- 1 www www 1105315840 Jul 3 19:50 20240703193000.NGFW_backup.BackupProd.tar
admin@FTD5508X-FR-BDX:/ngfw/var/sf/backup$

anil-kumar2 · ‎07-08-2024

Hi Marvin,,

i am trying to move the files getting below error

mv: cannot move '/ngfw/var/sf/backup/20240703193000.NGFW_backup.BackupProd.tar' to '/path/to/Disk0': No such file or directory
admin@FTD5508X-FR-BDX:~$ cd /ngfw/var/sf/backup/
admin@FTD5508X-FR-BDX:/ngfw/var/sf/backup$ sudo mv /ngfw/var/sf/backup/20240703193000.NGFW_backup.BackupProd.tar /path/to/Disk0
mv: cannot move '/ngfw/var/sf/backup/20240703193000.NGFW_backup.BackupProd.tar' to '/path/to/Disk0': No such file or directory
admin@FTD5508X-FR-BDX:/ngfw/var/sf/backup$ sudo mv /ngfw/usr/local/sf/backup/20240703193000.NGFW_backup.BackupProd.tar /path/to/Disk0
mv: cannot move '/ngfw/usr/local/sf/backup/20240703193000.NGFW_backup.BackupProd.tar' to '/path/to/Disk0': No such file or directory
admin@FTD5508X-FR-BDX:/ngfw/var/sf/backup$ sudo mv /ngfw/Volume/6.2.3/sf/backup/20240703193000.NGFW_backup.BackupProd.tar /path/to/Disk0
mv: cannot move '/ngfw/Volume/6.2.3/sf/backup/20240703193000.NGFW_backup.BackupProd.tar' to '/path/to/Disk0': No such file or directory
admin@FTD5508X-FR-BDX:/ngfw/var/sf/backup$ ls -l
total 1079480
-rw-r--r-- 1 www www 1105315840 Jul 3 19:50 20240703193000.NGFW_backup.BackupProd.tar
admin@FTD5508X-FR-BDX:/ngfw/var/sf/backup$

anil-kumar2 · ‎07-08-2024

Hi Marvin .. waiting for your update ..

My i know your working hours pls..

My self IST 1pm to 10pm

Marvin Rhoads · ‎07-08-2024

This is the free community, not Cisco TAC. If you require immediate support during your working hours then TAC is the correct route. Here we are volunteers providing free help as we are able.

'/path/to/Disk0' looks like some sort of link and may not be valid for moving files. You need to the absolute path to move a file.

Have you checked you available disk space after removing the unneeded log files?

anil-kumar2 · ‎07-08-2024

Hi Marvin,

Thank you for your help .. i understand,

no improve meant

admin@FTD5508X-FR-BDX:/ngfw/var/sf/backup$ df -hT /ngfw
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/root ext4 3.7G 982M 2.6G 28% /ngfw
admin@FTD5508X-FR-BDX:/ngfw/var/sf/backup$