I'm encountering uploading IOS image on the ASA5508 & FTD same box

anil-kumar2 · ‎07-08-2024

Hi All,

I need your help.

I have a Cisco ASA5508 box which will act as an FTD. My requirement is to upgrade the IOS on ASA5508 first, and then proceed with FTD.

Currently, my Cisco ASA5508 is running Version 9.9(2)91, and there are vulnerabilities that require me to upload ASA IOS version 9.9.16 or later.

However, when I log into the CLI, I get the prompt ">", indicating I am not in ASA Privilege mode but rather in the FTD mode.

I need assistance on how to upload the ASA firmware without impacting the FTD setup since this is a standalone box.

My main goal is to upload the IOS on ASA5508 and subsequently install the .tar image on the FTD box.

========================

I also attempted an FTD version upgrade as follows:

I have a Cisco ASA5508 which is currently set up to act as an FTD. I planned to first upload the new FTD version and then proceed with ASA.

I attempted to upload the image into the FTD 6.6.7.XXXX by copying the .tar file onto the box. However, I encountered an issue where the prompt displayed ">" upon logging in.

I tried to execute the command "system support diagnostic-all" which requires a BASH prompt. When I ran the command "ls -l /var/sf/updates/", the output showed:

admin@FTD5508X-FR-BDX:/var/sf/updates$ ls -l
total 2230544
-rw-r--r-- 1 root root 242 Dec 1 2020 Cisco_FTD_Patch-6.2.3.16-59.sh.REL.tar.METADATA
-rwxr-xr-x 1 root bin 215040 Dec 1 2020 Cisco_FTD_Patch_Uninstaller-6.2.3.16-59.sh.REL.tar
-rw-r--r-- 1 root root 226 Dec 1 2020 Cisco_FTD_Patch_Uninstaller-6.2.3.16-59.sh.REL.tar.METADATA
-rwxr-xr-x 1 root bin 215040 Jun 30 04:13 Cisco_FTD_Patch_Uninstaller-6.2.3.18-50.sh.REL.tar
-rw-r--r-- 1 root root 226 Jun 30 07:43 Cisco_FTD_Patch_Uninstaller-6.2.3.18-50.sh.REL.tar.METADATA
-rwxr-xr-x 1 www www 1247170560 Jul 6 04:53 Cisco_FTD_Upgrade-6.6.7-223.sh.REL.tar
I attempted to install the FTD version using the command:

admin@FTD5508X-FR-BDX:/var/sf/updates$ sudo install_update.pl /var/sf/updates/Cisco_FTD_Upgrade-6.6.7-223.sh
However, it resulted in the error:

ARGV[0] = --detach
ARGV[1] = /var/sf/updates/Cisco_FTD_Upgrade-6.6.7-223.sh.REL.tar
install_update.pl begins. bundle_filepath: /var/sf/updates/Cisco_FTD_Upgrade-6.6.7-223.sh.REL.tar
We need 10215004 Kilobytes in /ngfw/var/tmp. Available only 3670016. at /ngfw/usr/local/sf/bin/install_update.pl line 580.
I have attempted to clear temporary files without success, and the home directory is now 92% full. I need guidance on which files can be safely deleted.

Memory usage details are as follows:

admin@FTD5508X-FR-BDX:/var/sf/updates$ df -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 3.9G 440K 3.9G 1% /run
tmpfs 3.9G 32K 3.9G 1% /var/volatile
none 3.8G 21M 3.8G 1% /dev
/dev/sdb1 6.9G 3.8G 3.2G 55% /mnt/disk0
/dev/mapper/root 3.7G 982M 2.6G 28% /ngfw
/dev/mapper/var 62G 54G 5.0G 92% /home
tmpfs 3.9G 0 3.9G 0% /dev/cgroups

@Jonatan Jonasson

Marvin Rhoads · ‎07-08-2024

That still looks like too little available space for what the cli process reported is necessary.

Have you tried initiating a backup using the FDM GUI?

There are some other workarounds you can apply since you are running a VERY old version with multiple possible bugs that can contribute to high disk space used.

anil-kumar2 · ‎07-08-2024

Hi Marvin,

yes i tried initiating a backup using the FDM GUI.

pls confirm what are other workarounds.. how i can create frees pace.

Marvin Rhoads · ‎07-08-2024

Several bugs potentially affect this old FTD. Looking into each one by one is something recommended for a TAC engagement.

Here are some of the more commonly encountered high unmanaged disk space bugs:

https://bst.cisco.com/bugsearch/bug/CSCvt77813
https://bst.cisco.com/bugsearch/bug/CSCvo74833
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwb34240
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc30487
https://bst.cisco.com/bugsearch/bug/CSCvy26511

Each has a separate resolution as noted in the bug.

anil-kumar2 · ‎07-09-2024

Hi Marvin,

Thanks for sharing the bug details.

This is a production box, so I am unsure about the impact of applying those commands. This box is not supported by Cisco.

I am not sure how to move forward on this.

Marvin Rhoads · ‎07-09-2024

If there's no support contract, then technically you are not entitled to download and install upgrades on it.

anil-kumar2 · ‎07-09-2024

Hi Marvin,

Thank you for your help.

i will share the same feedback to my client.

anil-kumar2 · ‎07-08-2024

i created folder and moved the file but still no space

admin@FTD5508X-FR-BDX:~$ ls -l /mnt/
total 4
drwxr-xr-x 2 root root 0 Jul 8 16:58 Disk0
drwxr-xr-x 11 root root 4096 Jan 1 1970 disk0
drwxr-xr-x 4 root root 0 Jul 6 06:50 hugetlb
admin@FTD5508X-FR-BDX:~$ sudo mv /ngfw/var/sf/backup/20240703193000.NGFW_backup.BackupProd.tar /mnt/Disk0/
admin@FTD5508X-FR-BDX:~$
admin@FTD5508X-FR-BDX:~$
admin@FTD5508X-FR-BDX:~$ df -hT /ngfw
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/root ext4 3.7G 982M 2.6G 28% /ngfw
admin@FTD5508X-FR-BDX:~$

anil-kumar2 · ‎07-08-2024

/dev/mapper/root ext4 3.7G 982M 2.6G 28% /ngfw
admin@FTD5508X-FR-BDX:~$ df -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 3.9G 440K 3.9G 1% /run
tmpfs 3.9G 32K 3.9G 1% /var/volatile
none 3.8G 21M 3.8G 1% /dev
/dev/sdb1 6.9G 3.8G 3.2G 55% /mnt/disk0
/dev/mapper/root 3.7G 982M 2.6G 28% /ngfw
/dev/mapper/var 62G 53G 6.8G 89% /home
tmpfs 3.9G 0 3.9G 0% /dev/cgroups

Re: I'm encountering uploading IOS image on the ASA5508 & FTD sam

Cisco Secure Firewall (FTD) - How To

ACI & NDI Expert Insight Series

Re image FPR1150 from FTD to ASA

Doc - Troubleshooting de tráfico de datos y control en el FTD