Re: SFR Module upgrade (5.4.1 to 6.0.1.29) - difference between .sh img pkg files

alexk1041 · ‎05-24-2019

Hello

i have been checking details about the process of upgrading an sfr module of a 5516 ASA from 5.4.1 to 6.0.1.29 (and anything above), but some guides mention .sh file and some other only boot image (to communicate between asa and sfr module) and pkg (which is for the system of the SFR module i think). Thus, im a little confused about the steps:

1. install pre-install of 6.0.0 (.sh file)

2. install sensor upgrade 6.0.0 (.sh file, what about image and pkg)?

3. install 6.0.1.29 (there is only .sh file)

Furthermore, all these 'should' be done via FMC, right? Because many guides i see are only done via cli locally on the asa and was wondering why.

GRANT3779 · ‎05-24-2019

Hi Alex,

Looking here - https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html

As you seem to know, you can upgrade direct to 6.0 from 5.4.1. From there, upgrade to 6.0.1.

In your case you will need to install - Cisco_Network_Sensor_6.0.0_Pre-install-5.4.1.999-2.sh

Then the upgrade - Cisco_Network_Sensor_Upgrade-6.0.0-1005.sh

Lastly - Cisco_Network_Sensor_Patch-6.0.1-29.sh

You can do this all from the FMC - You can download the files, upload them to the FMC and then install in the order above. You may be able to download them also straight from the FMC.

The PKG file would be used in tandem with the boot .img if you were erasing current sensor software and looking to reinstall completely. Some people decide to go this route if they have a long upgrade path to get to the desired version. It is usually quicker and cleaner to just uninstall current version and build the SFR module with the up to date preferred version.

alexk1041 · ‎05-24-2019

I think i understand now. In theory, even when you provision , it comes with a default version , 5.4.1, so even in that case , its not a 'fresh install' , thus .sh files would be used as it would be an upgrade, right?

You have to 'manually' uninstall the sfr and theinstall boot image and pkg file, since they include the 'whole' version. Right?

If you uninstall, can you install directly any version you want i assume? so if uninstalling 5.4.1, you could install directly boot image and pkg of lets say, 6.2.3 ? Otherwise, i dont see much of a benefit.

GRANT3779 · ‎05-24-2019

Hi Alex,

Yes, if you were to uninstall the current software from the module you could then go ahead and install the latest and greatest version (if supported on the hardware). No intermediate versions or upgrades required, just fresh install of the Version you require.

Marvin Rhoads · ‎05-24-2019

If you want to replace the existing 5.4.1 with 6.2.3 you can do that straight away. Upload the new boot image (.img file) and set it as the recover image then "recover" the module. That will make it ready to receive the .pkg file to complete initialization.

Once you've completed installation using the pkg file, you can patch it to the latest (e.g. 6.2.3.13) using the .sh (shell script) files. Normally we do the patching from FMC (centrally managed) or ASDM (locally managed) but it can also be done from cli.