Re: Re-imaging Firepower Device - Can't find ISO in Interactive Menu

EverythingBagel62093 · ‎10-27-2020

I uploaded the ISO to a SCP enabled server. When attempting to re-image the Firepower Device (8130), I put in the IP address, authorized user name for the SCP server, full path to the ISO image directory (/home/username), and password for the username.

It messages me saying that it cant' find the ISO, but when I SSH into the SCP server it's there. When I telnet to test that port 22 is open, I get a "Protocol mismatch" message. But the device and SCP can connect. Looking for some advice regarding this issue.

Thank you in advance.

Marvin Rhoads · ‎10-27-2020

Does your SCP server allow you to designate the home directory when you create the username? If so then you should be able to use the file name without a path from the 8130 menu. It may be failing to pass the path info to the server (or double-prepending it).

EverythingBagel62093 · ‎10-27-2020

Hi Marvin,

When I give the path, should that include the ISO file name? The documentation says to have the full path to the ISO image directory.

EverythingBagel62093 · ‎10-27-2020

Is the only way to load the ISO into the device for re-imaging really via downloading from a http/ftp/scp server?

gilbert.aispuro1 · ‎10-27-2020

*****DISREGARD**********

Nope, just load the image to a USB, preferably one less than 4G-8G, and VIOLA! I had to do this because my FP2110's came with a corrupted image, TWICE.

gilbert.aispuro1 · ‎10-27-2020

*****DISREGARD**********

Download Image from USB (not signed image, but the .SPA)

#scope firmware

/firmware# download image usbA:cisco-ftd-fp2k.6.6.0-90.SPA

Check Progress of Download

/firmware # show download-task

Download task:

File Name Protocol Server Port Userid State

--------- -------- --------------- ---------- --------------- -----

cisco-ftd-fp2k.6.6.0-90.SPA

Usb A 0 Downloading

/firmware # show download-task detail

**************Stage1**************

File Name: cisco-ftd-fp2k.6.6.0-90.SPA

Protocol: Usb A

Server:

Port: 0

Userid:

Path:

Downloaded Image Size (KB): 0

Time stamp: 2020-07-27T14:06:26.615

State: Downloading

Status:

Transfer Rate (KB/s): 0.000000

Current Task: downloading image cisco-ftd-fp2k.6.6.0-90.SPA from (FSM-STAGE:

sam:dme:FirmwareDownloaderDownload:Local)

**************Stage2**************

File Name: cisco-ftd-fp2k.6.6.0-90.SPA

Protocol: Usb A

Server:

Port: 0

Userid:

Path:

Downloaded Image Size (KB): 1106917

Time stamp: 2020-07-27T14:06:26.615

State: Downloading

Status: validating and unpacking the image

Transfer Rate (KB/s): 23551.425781

Current Task: unpacking image cisco-ftd-fp2k.6.6.0-90.SPA on primary(FSM-STA

GE:sam:dme:FirmwareDownloaderDownload:UnpackLocal)

**************Stage3**************

File Name: cisco-ftd-fp2k.6.6.0-90.SPA

Protocol: Usb A

Server:

Port: 0

Userid:

Path:

Downloaded Image Size (KB): 1106917

Time stamp: 2020-07-27T14:08:49.861

State: Downloaded

Status: Successful unpack the image

Transfer Rate (KB/s): 7740.678223

Current Task:

/firmware # show download-task

Download task:

File Name Protocol Server Port Userid State

--------- -------- --------------- ---------- --------------- -----

cisco-ftd-fp2k.6.6.0-90.SPA

Usb A 0 Downloaded

Verify Image is Packaged and Ready for Install

fp02 /firmware # show package

Name Package-Vers

--------------------------------------------- ------------

cisco-asa-fp2k.9.8.2.SPA 9.8.2

cisco-ftd-fp2k.6.2.3-83.SPA 6.2.3-83

cisco-ftd-fp2k.6.6.0-90.SPA 6.6.0-90

fxos-k9-fp2k.2.8.1.105.SPA 2.8.1.105

Install Package

/firmware # scope auto-install

/firmware/auto-install # install security-pack version 6.6.0-90

The system is currently installed with security software package 6.2.3-83, which has:

- The platform version: 2.3.1.84

- The CSP (ftd) version: 6.2.3.83

If you proceed with the upgrade 6.6.0-90, it will do the following:

- upgrade to the new platform version 2.8.1.105

- reimage the system from CSP ftd version 6.2.3.83 to the CSP ftd version 6.6.0.90

During the upgrade, the system will be reboot

Do you want to proceed ? (yes/no):yes

This operation upgrades firmware and software on Security Platform Components

Here is the checklist of things that are recommended before starting Auto-Install

(1) Review current critical/major faults

(2) Initiate a configuration backup

Attention:

If you proceed the system will be re-imaged. All existing configuration will be lost,

and the default configuration applied.

Do you want to proceed? (yes/no):yes

/firmware/auto-install # sho

Firmware Auto-Install:

Package-Vers Oper State Upgrade State

------------ ---------------------------- -------------

6.6.0-90 Scheduled Validating Images

Marvin Rhoads · ‎10-28-2020

@gilbert.aispuro1 your procedure works for a device running FXOS like a Firepower appliance. That option is not available on the older 3D series NGIPS appliances (7000 and 8000 series)

gilbert.aispuro1 · ‎10-31-2020

Whoops