Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
4112
Views
11
Helpful
24
Replies

Minor upgrade of FMC and FTD?

Go to solution
CiscoBrownBelt
Level 6
Level 6

‎05-05-2023 07:25 AM

See documentation about going from 6 to 7 version but course nothing from let's say 7.0.2 to .4,

Has anyone upgraded these before? Any potential issues to consider?

1 person had this problem
0 Helpful
5 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-05-2023 07:59 AM

As long as the compatibility matrix doesn't show any issues, then a direct upgrade is fine. I've done dozens - just follow the release notes exactly and it normally works as it's supposed to.

Either 7.0.5 or the just-released 7.2.4 would be the best choice for most uses (again, after verifying compatibility).

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to CiscoBrownBelt

‎05-08-2023 10:17 AM

A stand alone chassis is designed to be managed via the GUI. You can hack around in the fxos and get some things accomplished but it will be 10x as hard as going via the GUI.

If you really really want to, then follow this procedure: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg/ftd-fdm.html#Cisco_Task.dita_3e142f03-3738-40ac-9b4d-ed9b5a5771c0

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-09-2023 05:55 AM

FMC must be at or above the version of the managed devices. There's not good reason to have FMC at 7.0.5 but not bring the managed devices up to the same level.

FXOS is only upgraded separately when FTD is on 4100 and 9300 series. Other architectures include the FXOS bundled into the FTD software.

7.2.4. would be a good choice for now - it will likely be the next Gold Star suggested release soon.

View solution in original post

Go to solution
Aref Alsouqi
VIP
VIP
In response to CiscoBrownBelt

‎06-23-2023 11:05 AM

The name has changed recently, this is why they refer to it now as Secure Firewall Management Center. You can upgrade directly from 7.0.x to 7.2.4 as per the below guide. However, I believe Cisco recommend getting TAC engaged to upgrade to version 7.2.4.

 

ArefAlsouqi_1-1687543223708.png

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/upgrade/management-center/720/upgrade-management-center-72/upgrade-mgmt-center.html#Cisco_Reference.dita_6dfdea5e-5e0d-4430-9909-27054c6e8267

 

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to CiscoBrownBelt

‎06-26-2023 07:44 AM

@CiscoBrownBelt Cisco has rebranded the product name to "Cisco Secure Firewall Management Center". It's the same product so no worries moving directly to 7.2.4. Just check that none of your managed devices are running a version prior to 6.6 as that the oldest FMC 7.2.x can manage.

When you upgrade, the installed VDB version does not change. It has to be installed separately and then a deployment done to sync the managed devices.

View solution in original post

24 Replies 24

Go to solution
buffkata
Level 1
Level 1

‎05-05-2023 07:38 AM

Skip the .4 and go to .5 it is the current gold star version. We had some minor issues with 7.0.4 as soon as we upgraded from 7.0.1. Unfortunately.5 was not available at the time. 

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎05-05-2023 07:59 AM

As long as the compatibility matrix doesn't show any issues, then a direct upgrade is fine. I've done dozens - just follow the release notes exactly and it normally works as it's supposed to.

Either 7.0.5 or the just-released 7.2.4 would be the best choice for most uses (again, after verifying compatibility).

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to Marvin Rhoads

‎05-05-2023 11:44 AM

Yes the 7.2.4 is what I planned on. Does all the same apply to FTDv?

 

 

 

 

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to CiscoBrownBelt

‎05-05-2023 12:02 PM

Yes it applies to all FTD types, including FTDv.

Note if you are using FMC, it must be upgraded first.

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to Marvin Rhoads

‎05-08-2023 05:36 AM - edited ‎05-08-2023 05:53 AM

Bit confusing, which actual file am I supposed to use within the package for physical FTD 2140 the .mf? How about FTDv?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to CiscoBrownBelt

‎05-08-2023 06:13 AM - edited ‎05-08-2023 06:13 AM

Each platform architecture (virtual, 1k series, 2k series etc.) has its own upgrade file.

For FTDv, it is "Cisco_FTD_Upgrade-7.0.5-72.sh.REL.tar" located here: https://software.cisco.com/download/home/286306503/type/286306337/release/7.0.5

For other architectures and FMC, just navigate back up the tree a couple of levels and then back down to the desired branch.

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to Marvin Rhoads

‎05-08-2023 07:40 AM

So I am just testing and trying to upload the SPA file from workstation to physical FTD but it keeps failing. I can ping between the FTD and PC. Using Solarwinds TFTP, allowed all programs through FW, etc. Never see any log of this in Solarwinds. Any ideas?

 

FTD2140 /firmware # download image
tftp://meuser@1.1.1.1/Desktop/cisco-ftd-fp2k.7.2.4-165.SPA
Please use the command 'show download-task' or 'show download-task
detail' to check download progress.
% Download-task cisco-ftd-fp2k.7.2.4-165.SPA : failed. Download
failure - timeout error (1)

 

tried removing the "Desktop" and using tftp instead of ftp in the path to no avail.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to CiscoBrownBelt

‎05-08-2023 07:48 AM

Why are you trying to download the SPA into fxos via cli?

FTD upgrade is done via GUI - either FMC or FDM depending on how it is managed. For a 2140 that would be using the file "Cisco_FTD_SSP_FP2K_Upgrade-7.0.5-72.sh.REL.tar" in your case.

SPA file would only be used if reimaging and using platform mode - a very uncommon use case.

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to Marvin Rhoads

‎05-08-2023 08:16 AM

I figured out download issue. Did not properly allow program on laptop and had syntex incorrect.

Just testing with spare appliance I have so wanted upgrade that. What file would I use to do that?

Copy on using FMC and the tar.

0 Helpful

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to CiscoBrownBelt

‎05-08-2023 08:19 AM - edited ‎05-08-2023 08:56 AM

Yes so basically just want to test and upgrade a spare FTD I have not connected to anything.

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to CiscoBrownBelt

‎05-08-2023 09:02 AM

Does the spare Firepower 2140 have an FTD instance running? If so, log into the relevant management address (local management address) to get to the current release and then upgrade using the FDM GUI. If not, what is running on it?

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to Marvin Rhoads

‎05-08-2023 09:27 AM

Not sure what you mean but I just have a unused FTD sitting in a lab bench. So no GUI, no nothing is being used I am consoled in and connected laptop via management port.
Now I uploaded the tar file but get error "Download failure - unable to open downloaded image".

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to CiscoBrownBelt

‎05-08-2023 10:17 AM

A stand alone chassis is designed to be managed via the GUI. You can hack around in the fxos and get some things accomplished but it will be 10x as hard as going via the GUI.

If you really really want to, then follow this procedure: https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/fp2100/firepower-2100-gsg/ftd-fdm.html#Cisco_Task.dita_3e142f03-3738-40ac-9b4d-ed9b5a5771c0

Go to solution
CiscoBrownBelt
Level 6
Level 6
In response to Marvin Rhoads

‎05-08-2023 11:43 AM

Awesome Marvin thanks I will have look!

0 Helpful
Review Cisco Networking for a $25 gift card
Top