
Looking for product that automates ASA firmware upgrade

rweir0001
Level 1

We have a Cisco ASA w/FirePOWER and are trying to determine if there is a Cisco product that will go out to the internet and determine if there are any vulnerabilities in the ASA firmware and then download and upgrade the device. This is something I do manually right now and would like to automate the process. We are managing the ASA with FirePOWER Management Center (FMC). As far as I know there is no native ability to do the automatic upgrades in FMC or ASDM. If there is such a product out there can someone please send me in the right direction?

1 Accepted Solution


Scripting the upgrade is probably the best idea. In case you are managing a large number of devices that would be the best way to go. Parsing outputs is a huge pain but it's not impossible.


8 Replies

Philip D'Ath
VIP Alumni

Firepower upgrades are, in general, a huge pain. They often have pre-requisites. Often you can't just jump from version x to y, and have to step through intermediate upgrades. Sometimes we re-image the modules because it is faster and then re-apply the config with Firesight.

The idea of trying to automate that task sounds risky to me.

I don't think you'll find such a product.

Philip,

Now are you just referring to FirePOWER upgrades, or ASA firmware upgrades, too? I'm really just interested in automating the firmware upgrades, I just mentioned that it has FirePOWER to be more specific about what we are using. 

Both.

Yeah...I don't disagree. I was asked to look into a solution but I stated my concerns. In my experience upgrading the ASA firmware can lead to unexpected results and even if we were to automate I would need to be available for testing. However, I am curious if there is anything out there that would do the automated upgrades. 

You could perhaps check out Cisco CDO.  I'm not sure if it can or can't do it, but Cisco seem to be putting a lot of effort into it.

http://www.cisco.com/c/en/us/products/security/defense-orchestrator/index.html

Thanks, Philip. I'll take a look. 

Scripting the upgrade is probably the best idea. In case you are managing a large number of devices that would be the best way to go. Parsing outputs is a huge pain but it's not impossible.

Thanks, kaisero. I did research this more and it appears that scripting is our only real option. 
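
The scripting route recommended in the accepted reply hinges on parsing device output reliably. The following is an added example, not code from the thread or from any Cisco tool: it extracts the running ASA version from `show version` text and compares it numerically with an operator-chosen minimum. The sample output, the hostname `fw01` and the minimum versions used are constructed assumptions.

```python
import re

# Constructed, trimmed sample of ASA `show version` output (not from the thread).
SAMPLE_SHOW_VERSION = """\
Cisco Adaptive Security Appliance Software Version 9.8(2)20
Device Manager Version 7.8(2)

fw01 up 112 days 4 hours
System image file is "disk0:/asa982-20-smp-k8.bin"
"""

# ASA versions look like 9.8(2) or 9.8(2)20: major.minor(maintenance)interim
_VERSION = r"(\d+)\.(\d+)\((\d+)\)(\d+)?"
_RUNNING_RE = re.compile(
    r"^Cisco Adaptive Security Appliance Software Version\s+(\S+)",
    re.MULTILINE,
)


def parse_asa_version(version):
    """Turn '9.8(2)20' into (9, 8, 2, 20); a missing interim build counts as 0."""
    m = re.fullmatch(_VERSION, version.strip())
    if not m:
        raise ValueError(f"unrecognised ASA version string: {version!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def running_version(show_version_text):
    """Return the running ASA version string, or raise if the line is absent."""
    m = _RUNNING_RE.search(show_version_text)
    if not m:
        # Fail closed: never decide on an upgrade from output we could not parse.
        raise ValueError("ASA software version line not found in output")
    return m.group(1)


def needs_upgrade(show_version_text, minimum_version):
    """True when the running version is numerically below minimum_version."""
    running = parse_asa_version(running_version(show_version_text))
    # Tuple comparison avoids the string-compare trap where '9.12' sorts before '9.8'.
    return running < parse_asa_version(minimum_version)


if __name__ == "__main__":
    print(running_version(SAMPLE_SHOW_VERSION))
    print(needs_upgrade(SAMPLE_SHOW_VERSION, "9.8(4)"))
```

The minimum version would come from whichever fixed release the operator has selected after reading the relevant advisory; the script only makes the comparison, it does not look up vulnerabilities.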
