05-24-2019 03:02 AM - edited 02-21-2020 09:10 AM
Hello
i have been checking details about the process of upgrading an sfr module of a 5516 ASA from 5.4.1 to 6.0.1.29 (and anything above), but some guides mention .sh file and some other only boot image (to communicate between asa and sfr module) and pkg (which is for the system of the SFR module i think). Thus, im a little confused about the steps:
1. install pre-install of 6.0.0 (.sh file)
2. install sensor upgrade 6.0.0 (.sh file, what about image and pkg)?
3. install 6.0.1.29 (there is only .sh file)
Furthermore, all these 'should' be done via FMC, right? Because many guides i see are only done via cli locally on the asa and was wondering why.
05-24-2019 03:23 AM
Hi Alex,
Looking here - https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html
As you seem to know, you can upgrade direct to 6.0 from 5.4.1. From there, upgrade to 6.0.1.
In your case you will need to install - Cisco_Network_Sensor_6.0.0_Pre-install-5.4.1.999-2.sh
Then the upgrade - Cisco_Network_Sensor_Upgrade-6.0.0-1005.sh
Lastly - Cisco_Network_Sensor_Patch-6.0.1-29.sh
You can do this all from the FMC - You can download the files, upload them to the FMC and then install in the order above. You may be able to download them also straight from the FMC.
The PKG file would be used in tandem with the boot .img if you were erasing current sensor software and looking to reinstall completely. Some people decide to go this route if they have a long upgrade path to get to the desired version. It is usually quicker and cleaner to just uninstall current version and build the SFR module with the up to date preferred version.
05-24-2019 05:31 AM
I think i understand now. In theory, even when you provision , it comes with a default version , 5.4.1, so even in that case , its not a 'fresh install' , thus .sh files would be used as it would be an upgrade, right?
You have to 'manually' uninstall the sfr and theinstall boot image and pkg file, since they include the 'whole' version. Right?
If you uninstall, can you install directly any version you want i assume? so if uninstalling 5.4.1, you could install directly boot image and pkg of lets say, 6.2.3 ? Otherwise, i dont see much of a benefit.
05-24-2019 06:04 AM
05-24-2019 06:41 PM
If you want to replace the existing 5.4.1 with 6.2.3 you can do that straight away. Upload the new boot image (.img file) and set it as the recover image then "recover" the module. That will make it ready to receive the .pkg file to complete initialization.
Once you've completed installation using the pkg file, you can patch it to the latest (e.g. 6.2.3.13) using the .sh (shell script) files. Normally we do the patching from FMC (centrally managed) or ASDM (locally managed) but it can also be done from cli.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: