Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
843
Views
0
Helpful
2
Replies

Scriptability of sensor patch application

Go to solution
ryanbwn
Level 1
Level 1

‎01-03-2018 06:13 AM - edited ‎02-21-2020 07:03 AM

I'm a developer for an integrator that updates and configures customer hardware before they take delivery of it. I was asked to create a process to automate the integration of a large amount of ASA 5506-X appliances which includes a sensor patch update. Doing this through the ASDM GUI is not going to work for 2000+ firewalls. I know that the sensor patches are just shell scripts that can be run from expert mode, but it seems as though cisco doesn't support this practice. Is there a way to apply the patch using ANY kind of non-GUI, whether it be through the console port, ssh, or an API?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-03-2018 07:44 AM

You're correct in that they are just shell scripts (albeit pretty big ones).

 

I seem to remember one of the TAC engineers who sometimes posts here recommending using the cli method to perform a sensor upgrade as an alternative when the GUI was not working as designed.

 

There is a nice blog post on doing just that here:

 

https://ciscoskills.net/2017/07/12/update-firepower-devices-manually/

 

As an aside, if the client has a large number of ASA 5506-X they should be managed via FMC. You can push upgrades to multiple devices at once pretty easily using FMC.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-03-2018 07:44 AM

You're correct in that they are just shell scripts (albeit pretty big ones).

 

I seem to remember one of the TAC engineers who sometimes posts here recommending using the cli method to perform a sensor upgrade as an alternative when the GUI was not working as designed.

 

There is a nice blog post on doing just that here:

 

https://ciscoskills.net/2017/07/12/update-firepower-devices-manually/

 

As an aside, if the client has a large number of ASA 5506-X they should be managed via FMC. You can push upgrades to multiple devices at once pretty easily using FMC.

0 Helpful

Go to solution
ryanbwn
Level 1
Level 1
In response to Marvin Rhoads

‎01-03-2018 09:38 AM

Thanks Marvin. I appreciate the reply. I'm building out the process based on the post you shared and it's exactly what I was looking for. As for FMC, I'm sure they use it in-house but unfortunately I don't have access to their infrastructure. The process I'm working on basically just pre-seeds the ASA's for plug and play use.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card