Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1203
Views
0
Helpful
4
Replies

Reimage Question

m.azlan
Level 1
Level 1

‎04-07-2021 11:30 PM - edited ‎04-07-2021 11:32 PM

Hi,

 

I have some question regarding reimage FTD. We have a model Cisco 5545. The current version is 5.4.0-764 and plans to upgrade to 6.6.1. The question is can we use the backup current version after reimaging to 6.6.1? Since the path is very long, we try to consider reimage the FTD.

 

Another question, can we configure bypass mode to prevent interruption during upgrade/reimage? Meaning that to apply fail-open, I guess the term.

0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-08-2021 09:15 PM

You seem to be asking about the ASA Firepower service module (not FTD).

When you reimage a Firepower service module, all configuration from the old module is lost. It cannot be migrated per se. If it was being managed by a Firepower Management Center, the Access Control Policy (and all other associated policies) can be reapplied to the newly imaged module.

You will have to re-do the bootstrap configuration of the module in either case (IP address, gateway, etc.).

If the class-map entry for sfr is fail-open then there will be no service impact when reimaging (other than loss of IPS services of course).

0 Helpful

m.azlan
Level 1
Level 1
In response to Marvin Rhoads

‎04-09-2021 01:17 AM

Hi Marvin,

 

Thank you for your reply. May I know if reimage, meaning that, we just need to configure the IP, gateway, etc and then establish a connection between FMC and FTD after that push the configuration (policy, etc) from FMC? it should be work right? no need to configure all the configuration right?

 

class-map entry for sfr is fail-open, may I know which guide to refer to this one? we need to configure before perform the upgrade.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-09-2021 07:24 AM

m.azlan - that's correct.

Step 7 in the following document sets the fail-open or fail-close action using ASDM:

https://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/sfr/firepower-qsg.html#pgfId-150498

More details on the actual cli command:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/S/asa-command-ref-S/sa-shov-commands.html#wp3900250880

0 Helpful

ajmn
Cisco Employee
Cisco Employee

‎03-11-2025 04:50 AM

Hi, m.azlan. Please take a look at https://youtu.be/uYJRLAcG0vY for more information. 

https://youtu.be/uYJRLAcG0vY
youtu.be/uYJRLAcG0vY
This video takes you through the process of reimaging your Cisco Secure Firewall 1200 series device from ASA to Threat Defense software. In this video, the presenter uses a remote server to copy the Threat Defense image file to the firewall device's flash memory. Timestamps: 0:00 - 0:09 - ...
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card