Solved: Minor upgrade of FMC and FTD?

CiscoBrownBelt · ‎05-05-2023

See documentation about going from 6 to 7 version but course nothing from let's say 7.0.2 to .4,

Has anyone upgraded these before? Any potential issues to consider?

Marvin Rhoads · ‎05-05-2023

As long as the compatibility matrix doesn't show any issues, then a direct upgrade is fine. I've done dozens - just follow the release notes exactly and it normally works as it's supposed to.

Either 7.0.5 or the just-released 7.2.4 would be the best choice for most uses (again, after verifying compatibility).

View solution in original post

Marvin Rhoads · ‎05-08-2023

A stand alone chassis is designed to be managed via the GUI. You can hack around in the fxos and get some things accomplished but it will be 10x as hard as going via the GUI.

If you really really want to, then follow this procedure: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg/ftd-fdm.html#Cisco_Task.dita_3e142f03-3738-40ac-9b4d-ed9b5a5771c0

View solution in original post

Marvin Rhoads · ‎05-09-2023

FMC must be at or above the version of the managed devices. There's not good reason to have FMC at 7.0.5 but not bring the managed devices up to the same level.

FXOS is only upgraded separately when FTD is on 4100 and 9300 series. Other architectures include the FXOS bundled into the FTD software.

7.2.4. would be a good choice for now - it will likely be the next Gold Star suggested release soon.

View solution in original post

Aref Alsouqi · ‎06-23-2023

The name has changed recently, this is why they refer to it now as Secure Firewall Management Center. You can upgrade directly from 7.0.x to 7.2.4 as per the below guide. However, I believe Cisco recommend getting TAC engaged to upgrade to version 7.2.4.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/upgrade/management-center/720/upgrade-management-center-72/upgrade-mgmt-center.html#Cisco_Reference.dita_6dfdea5e-5e0d-4430-9909-27054c6e8267

View solution in original post

Marvin Rhoads · ‎06-26-2023

@CiscoBrownBelt Cisco has rebranded the product name to "Cisco Secure Firewall Management Center". It's the same product so no worries moving directly to 7.2.4. Just check that none of your managed devices are running a version prior to 6.6 as that the oldest FMC 7.2.x can manage.

When you upgrade, the installed VDB version does not change. It has to be installed separately and then a deployment done to sync the managed devices.

View solution in original post

buffkata · ‎05-05-2023

Skip the .4 and go to .5 it is the current gold star version. We had some minor issues with 7.0.4 as soon as we upgraded from 7.0.1. Unfortunately.5 was not available at the time.

Marvin Rhoads · ‎05-05-2023

As long as the compatibility matrix doesn't show any issues, then a direct upgrade is fine. I've done dozens - just follow the release notes exactly and it normally works as it's supposed to.

Either 7.0.5 or the just-released 7.2.4 would be the best choice for most uses (again, after verifying compatibility).

CiscoBrownBelt · ‎05-05-2023

Yes the 7.2.4 is what I planned on. Does all the same apply to FTDv?

Marvin Rhoads · ‎05-05-2023

Yes it applies to all FTD types, including FTDv.

Note if you are using FMC, it must be upgraded first.

CiscoBrownBelt · ‎05-08-2023

Bit confusing, which actual file am I supposed to use within the package for physical FTD 2140 the .mf? How about FTDv?

Marvin Rhoads · ‎05-08-2023

Each platform architecture (virtual, 1k series, 2k series etc.) has its own upgrade file.

For FTDv, it is "Cisco_FTD_Upgrade-7.0.5-72.sh.REL.tar" located here: https://software.cisco.com/download/home/286306503/type/286306337/release/7.0.5

For other architectures and FMC, just navigate back up the tree a couple of levels and then back down to the desired branch.

CiscoBrownBelt · ‎05-08-2023

So I am just testing and trying to upload the SPA file from workstation to physical FTD but it keeps failing. I can ping between the FTD and PC. Using Solarwinds TFTP, allowed all programs through FW, etc. Never see any log of this in Solarwinds. Any ideas?

FTD2140 /firmware # download image
tftp://meuser@1.1.1.1/Desktop/cisco-ftd-fp2k.7.2.4-165.SPA
Please use the command 'show download-task' or 'show download-task
detail' to check download progress.
% Download-task cisco-ftd-fp2k.7.2.4-165.SPA : failed. Download
failure - timeout error (1)

tried removing the "Desktop" and using tftp instead of ftp in the path to no avail.

Marvin Rhoads · ‎05-08-2023

Why are you trying to download the SPA into fxos via cli?

FTD upgrade is done via GUI - either FMC or FDM depending on how it is managed. For a 2140 that would be using the file "Cisco_FTD_SSP_FP2K_Upgrade-7.0.5-72.sh.REL.tar" in your case.

SPA file would only be used if reimaging and using platform mode - a very uncommon use case.

CiscoBrownBelt · ‎05-08-2023

I figured out download issue. Did not properly allow program on laptop and had syntex incorrect.

Just testing with spare appliance I have so wanted upgrade that. What file would I use to do that?

Copy on using FMC and the tar.

CiscoBrownBelt · ‎05-08-2023

Yes so basically just want to test and upgrade a spare FTD I have not connected to anything.

Marvin Rhoads · ‎05-08-2023

Does the spare Firepower 2140 have an FTD instance running? If so, log into the relevant management address (local management address) to get to the current release and then upgrade using the FDM GUI. If not, what is running on it?

CiscoBrownBelt · ‎05-08-2023

Not sure what you mean but I just have a unused FTD sitting in a lab bench. So no GUI, no nothing is being used I am consoled in and connected laptop via management port.
Now I uploaded the tar file but get error "Download failure - unable to open downloaded image".

Marvin Rhoads · ‎05-08-2023

A stand alone chassis is designed to be managed via the GUI. You can hack around in the fxos and get some things accomplished but it will be 10x as hard as going via the GUI.

If you really really want to, then follow this procedure: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg/ftd-fdm.html#Cisco_Task.dita_3e142f03-3738-40ac-9b4d-ed9b5a5771c0

CiscoBrownBelt · ‎05-08-2023

Awesome Marvin thanks I will have look!