Solved: Patch upgrade to 7.6.2.1

renzanjo-caparas · ‎10-12-2025

Hi everyone!

I just need to verify if I am on the right track.

I am planning to upgrade our Cisco vFMC and its 4 managed vFTDs from 7.2.9 to 7.6.2.1

I am aware of the upgrade path for the major version. I am somehow hesitant with my knowledge for the patch upgrade. Do I need to upload that patch as well on the FMC and run the same upgrade process like the major version?

This is the reference I used: How to Upgrade FTD Using FMC GUI | Step-by-Step Guide

Thank you all!

balaji.bandi · ‎10-13-2025

You can go directly upgrade check the matrix :

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/upgrade/management-center/740/upgrade-management-center-741/planning.html#r_ftd-upgrade-path

make sure backup the configuration out of the box

Upgrade FMC always first and then FTD

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Marvin Rhoads · ‎10-13-2025

That's correct. If it has Internet access, FMC is able to download the patch directly from Cisco (so you don't have to get it independently and upload it yourself).

View solution in original post

balaji.bandi · ‎10-13-2025

You can go directly upgrade check the matrix :

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/upgrade/management-center/740/upgrade-management-center-741/planning.html#r_ftd-upgrade-path

make sure backup the configuration out of the box

Upgrade FMC always first and then FTD

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads · ‎10-13-2025

As a patch, 7.6.2.1 can be installed only after first upgrading to 7.6.2.

Major and minor releases (e.g., upgrading from 7.2.9 to 7.6.2) can be done directly.

renzanjo-caparas · ‎10-13-2025

Thank you! Do I do below steps provided i am already in 7.6.2 (both FMC and FTDs):

1. Upload the patch file in the FMC
2. Upgrade the FMC to the patch version
3. Push the patch version into the FTDs.

Marvin Rhoads · ‎10-13-2025

That's correct. If it has Internet access, FMC is able to download the patch directly from Cisco (so you don't have to get it independently and upload it yourself).

renzanjo-caparas · ‎10-13-2025

@Marvin Rhoads @balaji.bandi

Thank you very much! I appreciate both your responses.

renzanjo-caparas · ‎10-13-2025

Sorry follow up question, will the FMC And FTDs reboot when the patch is applied? I cannot seem to find a document explicitly mentioning this. But as far as my knowledge goes, FMC should reboot after patch installation.

balaji.bandi · ‎10-13-2025

Its all depends on what patch you applied, FMC is reboot not an issue since it's Management only (only short period you can not use while rebooting)

But when planning FTD (if this is not an HA, you always need to do it in a maintenance window to reboot and apply the patch).

That patch document should guide you on whether a reboot is required.

BB

=====Preenayamo Vasudevam=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads · ‎10-14-2025

Yes - both FMC and FTD devices will reboot as part of patch installation.

As noted by @balaji.bandi, traffic is only affected when you have non-HA FTD devices. For HA pairs, the FMC takes care of upgrading one at a time and switching the Active role between the two members of the pair.