Yes in future it will be managed by FMC. Physically the firewall distance from FMC is geographically very far

What is managing it at the moment?

If it is nothing, including no local management, you can re-image the module to the new software version.

Not being managed at the moment and it has a firepower version 5.3.1. Re-image to version 6.0.0 or 6.0.1.1?

You have to re-image to 6.0.0.

So I still have to get to base image and do an upgrade.

That's where my initial question started, can the SFR perform patches via CLI? Or must it be ran from FMC GUI?

I don't believe patches can be done from CLI.

I see, what about FTD images? I was told that the below:

http://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/5500X/ftd-55xx-X-qsg.html#pgfId-182159

By running the command:

> system install http://upgrades.example.com/packages/ftd-6.0.0-567.pkg

I don't know about FTD images.

Hi Jetsy, 

Thanks for your input, let me explain here:

The current FW my customer have is in production being managed by using ASDM, as they just recently bought SFR license. But the issue that they are facing is, the patch files are too big to be transferred over VPN.

Their firewall is in another country, meanwhile the FMC is in another country. But the FMC version is 6.0.1 but their SFR is only version 5.3.1. So their plan is to have the SFR re-imaged to version 6.0.0 and then apply the patches or is there a way that we can re-image SFR to at least version 6.0.1?

And future patches, is there a way to be done over CLI or must it be done via FMC GUI?