Solved: Re: Minor upgrade of FMC and FTD? - Page 2

CiscoBrownBelt · ‎05-05-2023

See documentation about going from 6 to 7 version but course nothing from let's say 7.0.2 to .4,

Has anyone upgraded these before? Any potential issues to consider?

CiscoBrownBelt · ‎05-09-2023

So I have FMC on 7.0.4 and a test FTDv on 7.0.4. I believe docs say as long as FMC is on 7.0.X I can upgrade FTDv to 7.0.2 or do they both have to be same exact version or something will not work properly?

References to FXOS only apply to 4100/9300 platforms?

CiscoBrownBelt · ‎05-09-2023

Also, in the FMC I don't see a readiness option. Is it because there is a current Upgrade entry (for same version that is in use)? Option to Delete, Install, or Push or Stage Update. Can I just delete this or leave it and upload the 7.2.4?

Marvin Rhoads · ‎05-09-2023

FMC must be at or above the version of the managed devices. There's not good reason to have FMC at 7.0.5 but not bring the managed devices up to the same level.

FXOS is only upgraded separately when FTD is on 4100 and 9300 series. Other architectures include the FXOS bundled into the FTD software.

7.2.4. would be a good choice for now - it will likely be the next Gold Star suggested release soon.

CiscoBrownBelt · ‎05-09-2023

Oh ok I see.

Reason I ask, is so I could upgrade a test FTDv and not make any changes to the FMC which is used in prod. That FTDv is just managed under the prod FMC but it is really not used for anything. Basically just want to upgrade it to test and prove no issues.

CiscoBrownBelt · ‎06-23-2023

@Marvin Rhoads Can you upgrade the FMC 4600 appliance that currently has 7.0.4 software with Cisco_Secure_FW_Mgmt_Center_Upgrade-7.2.4-169.sh.REL.tar?

I noticed current 7.0.4 is not Secure (does not show Cisco Secure). Any negatives about doing so? I don't even see any software options that does not reference Secure.

Also, is the VDM updated as well when upgrading with the 7.2.4 software?

Aref Alsouqi · ‎06-23-2023

The name has changed recently, this is why they refer to it now as Secure Firewall Management Center. You can upgrade directly from 7.0.x to 7.2.4 as per the below guide. However, I believe Cisco recommend getting TAC engaged to upgrade to version 7.2.4.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/upgrade/management-center/720/upgrade-management-center-72/upgrade-mgmt-center.html#Cisco_Reference.dita_6dfdea5e-5e0d-4430-9909-27054c6e8267

Marvin Rhoads · ‎06-26-2023

@CiscoBrownBelt Cisco has rebranded the product name to "Cisco Secure Firewall Management Center". It's the same product so no worries moving directly to 7.2.4. Just check that none of your managed devices are running a version prior to 6.6 as that the oldest FMC 7.2.x can manage.

When you upgrade, the installed VDB version does not change. It has to be installed separately and then a deployment done to sync the managed devices.

CiscoBrownBelt · ‎06-27-2023

What is you must revert back to original software version in FMC for whatever reason. What is best method to do that?

Marvin Rhoads · ‎06-27-2023

Major upgrades do not support revert. You would have to rebuild using the old version and then restore from backup. Make sure you have the backup file off-device if you anticipate that being a requirement.

FYI - having upgraded over 100 FMCs, I have never had to revert one.

CiscoBrownBelt · ‎06-27-2023

Thats is very good to know. If for some very strange reason had to go back to old image, you would just use the old version already uploaded to FMC then just go through upgrade steps but choose that software?