Solved: Re: Reimage a Failed Firepower 1120 - Firmware

Matthew Martin · ‎10-16-2023

Hello All,

Firepower: FPR-1120

firepower1120 /system # show firmware
  Version: 7.0.1-84
  Startup-Vers: 7.0.1-84
firepower1120 /system # show image
Name                                          Type                 Version
--------------------------------------------- -------------------- -------
fxos-k9-fp1k-manager.2.10.1.175.SPA           Manager Image        2.10(1.175)
firepower1120 /system #

I had a TAC case open about a month or so ago regarding our FTD disappearing from the FMC. TAC basically found that the database was corrupted and the device needed reimaging, which at that time we were unable to do. But we are now able to perform this reimage.

My question is about Firmware selection. As you can see above, the current version was 7.0.1-84. When I do the reimage, am I able to reimage the device with the newest recommended version? Current recommended version is 7.2.5-208.

Am I able to perform this reimage with the 7.2.5 version, or does it need to match the already installed version?

If 7.2.5 is ok to use. Which file would I need to download? I assume it's the 3rd one listed in the attached screenshot, but just want to be sure.

Thanks in Advance,
Matt

Rob Ingram · ‎10-16-2023

@Matthew Martin no issues, save yourself a step and just upgrade the FMC to 7.2.5 now, then reimage the FTD to 7.2.5.

View solution in original post

Rob Ingram · ‎10-16-2023

@Matthew Martin yes you can reimage the FTD to 7.2.5, assuming the FMC is 7.2.5 or higher.

Yes, use the 3rd image on the list, which is for a fresh install/reimage.

Matthew Martin · ‎10-16-2023

Hey Rob, thanks for the reply.

Actually, it looks like the version is 7.0.5.

Cisco Firepower Management Center for VMware

None

7.0.5 (build 72)

Cisco Firepower Extensible Operating System (FX-OS) 2.10.1 (build1400)

Ok, I see now. The FTD version cannot exceed the FMC version...

Would my best course of action be to reimage the FTD to a version <= 7.0.5 and then upgrade the FMC, then the FTD again?

Would it cause any issues if I upgraded the FMC first and then re-imaged the FTD to 7.2.5?
As of right now the FMC is not managing anything, as this one FTD device is currently the only device the FMC is/was managing. So this would probably be a good time to upgrade the FMC, if that sounds like the right course of action.

Thanks in Advance,
Matt

Rob Ingram · ‎10-16-2023

@Matthew Martin no issues, save yourself a step and just upgrade the FMC to 7.2.5 now, then reimage the FTD to 7.2.5.

Matthew Martin · ‎10-16-2023

Was searching for an FMC Virtual upgrade guide and I noticed this statement below at the following link:
https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/upgrade_firepower_management_centers.html

"Make sure the appliances in your deployment are healthy and successfully communicating."

Currently our FMC and FTD devices are not able to communicate with each other. Do you still think it's safe to upgrade the FMC to 7.2.5 first?

-Matt

Rob Ingram · ‎10-16-2023

@Matthew Martin well if the FTD is failed and it needs reimaging, then it makes no difference. Under normal circumstances you would upgrade with all managed devices with established connectivity to the FMC. Once the FMC is upgraded and the FTD reimaged, just reimage the device, setup with the mgmt address and routing, establish connectivity to the FMC and deploy the policies.

Matthew Martin · ‎10-16-2023

Ok perfect, thanks again Rob!

Sorry, one last question about file selection. I assume I want this one highlighted in the screenshot below. Our FMC is installed in VMware (*ESXi 7.0.3).

-Matt

Rob Ingram · ‎10-16-2023

@Matthew Martin yes that's correct.

Upgrade guide and checklist. https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/upgrade/management-center/720/upgrade-management-center-72/upgrade-mgmt-center.html

Matthew Martin · ‎10-16-2023

Ok great, thanks for all the help Rob! Much appreciated!

-Matt