cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2720
Views
0
Helpful
11
Replies

Patching ASA Firepower

chanccmtech
Level 1
Level 1

Good Day all,

If I were to patch ASA Firepower module from version 6.0.0 to 6.0.1.1, can this be done via CLI?

If yes, please point me to the correct guide. Thanks. 

11 Replies 11

Philip D'Ath
VIP Alumni
VIP Alumni

Is this controlled by a Firesight management appliance?  If so you need to use that to do the software upgrade.

Yes in future it will be managed by FMC. Physically the firewall distance from FMC is geographically very far

What is managing it at the moment?

If it is nothing, including no local management, you can re-image the module to the new software version.

Not being managed at the moment and it has a firepower version 5.3.1. Re-image to version 6.0.0 or 6.0.1.1?

You have to re-image to 6.0.0.

So I still have to get to base image and do an upgrade.

That's where my initial question started, can the SFR perform patches via CLI? Or must it be ran from FMC GUI?

I don't believe patches can be done from CLI.

I see, what about FTD images? I was told that the below:

http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/5500X/ftd-55xx-X-qsg.html#pgfId-182159

By running the command:

> system install http://upgrades.example.com/packages/ftd-6.0.0-567.pkg

I don't know about FTD images.

Jetsy Mathew
Cisco Employee
Cisco Employee

Hello Team,

Ideally the upgrade or update patch should be done from FMC GUI . 

Here is the release notes for the same. In this its has the steps on how to upgrade the devices.

  • Firepower System Release Notes, Version 6.0.1.1

http://www.cisco.com/c/en/us/td/docs/security/firepower/601/6011/relnotes/firepower-system-release-notes-version-6011.html

I cannot see any info regards with either ASDM or FMC manages your device. How it is managed now ? If there is nothing manages the device then you can reimage directly the firepower module to 6.0.1.1. Also kindly setup the FMC in future.

Kindly rate if this answer helps you.

Regards

Jetsy 

Hi Jetsy, 

Thanks for your input, let me explain here:

The current FW my customer have is in production being managed by using ASDM, as they just recently bought SFR license. But the issue that they are facing is, the patch files are too big to be transferred over VPN.

Their firewall is in another country, meanwhile the FMC is in another country. But the FMC version is 6.0.1 but their SFR is only version 5.3.1. So their plan is to have the SFR re-imaged to version 6.0.0 and then apply the patches or is there a way that we can re-image SFR to at least version 6.0.1?

And future patches, is there a way to be done over CLI or must it be done via FMC GUI?

Review Cisco Networking for a $25 gift card