09-30-2016 01:59 AM - edited 03-12-2019 06:08 AM
I have two sourcefire management centres (MC2000 appliances) running 5.4.1.7 as an HA Pair. They would have been on version 6 but 6 didn't support HA.
Now 6.1 has been released it does support HA for the management centres.
However the upgrade path from 5.4.1.7 is....
Version 5.4.1.x > Version 6.0 Pre-Installation Package > Version 6.0 > Version 6.0.1.x > Version 6.1
or
Version 5.4.1.x > Version 6.0 Pre-Installation Package > Version 6.0 > Version 6.0.1. > Version 6.1 Pre-Installation Package > Version 6.1
So does this mean I have to break the HA pair, upgrade the appliances and then reform the HA.
Or would you break the HA pair, upgrade one appliance and re-image the second appliance then rejoin the HA.
Finally is there an option to reimage the appliance and restore the database to the new box.
I am trying to figure out the best method to do this.
Giles
Solved! Go to Solution.
10-03-2016 07:20 AM
Your first method will work.
There is an iso image "Sourcefire_Defense_Center_S3-6.1.0-330-Restore.iso" available at https://software.cisco.com/download/release.html?mdfid=286290710&flowid=77262&softwareid=286271056&release=Rules%20Updates&relind=AVAILABLE&rellifecycle=&reltype=latest
Unfortunately you cannot restore the earlier version backup onto the newer version.
10-03-2016 09:04 AM
Under the covers FirePOWER Management Center runs a database and, like most database-based products, versions upgrades change the schemas, tables etc. Thus the restore process needs the backup to have been done from the same version.
A version 6.1 FMC can manage sensors at 5.4.0.6 or later. So if any of your sensors are earlier than that, they should be upgraded first.
Please see table 2 here for details:
http://www.cisco.com/c/en/us/td/docs/security/firepower/610/relnotes/Firepower_System_Release_Notes_Version_610.html#26828
10-03-2016 04:55 AM
Hello Team,
HA started supporting from 6.1 . To know how to start with the upgrade of HA pair please refer the following release notes and check the section "Firepower Management Centers in a High Availability Pair" .
You cannot update Firepower Management Centers in a high availability pair directly to Version 6.1. You must break the high availability configuration before beginning the update path to Version 6.1.
http://www.cisco.com/c/en/us/td/docs/security/firepower/610/relnotes/Firepower_System_Release_Notes_Version_610.html#pgfId-564967
Rate and mark the answers and post which are helpful.
Regards
Jetsy
10-03-2016 05:54 AM
Ok I will accept I need to break the HA pair first.
In this case would the following make sense.
Unless I can restore the 5.4 database onto 6.1 and this would be quicker... i.e.
10-03-2016 07:20 AM
Your first method will work.
There is an iso image "Sourcefire_Defense_Center_S3-6.1.0-330-Restore.iso" available at https://software.cisco.com/download/release.html?mdfid=286290710&flowid=77262&softwareid=286271056&release=Rules%20Updates&relind=AVAILABLE&rellifecycle=&reltype=latest
Unfortunately you cannot restore the earlier version backup onto the newer version.
10-03-2016 08:57 AM
Pity I can't do the backup and restore but at least I know what to plan for now...
Will I have to upgrade the sensors during the main path or will 6.1 be able to operate a 5.4 agent?
10-03-2016 09:04 AM
Under the covers FirePOWER Management Center runs a database and, like most database-based products, versions upgrades change the schemas, tables etc. Thus the restore process needs the backup to have been done from the same version.
A version 6.1 FMC can manage sensors at 5.4.0.6 or later. So if any of your sensors are earlier than that, they should be upgraded first.
Please see table 2 here for details:
http://www.cisco.com/c/en/us/td/docs/security/firepower/610/relnotes/Firepower_System_Release_Notes_Version_610.html#26828
10-04-2016 01:32 AM
Thanks for that - I did have a faint hope that the restore procedure may have worked but it looks like a long day to upgrade the appliance... All my sensors are running 5.4.0.8 so at least I can schedule the upgrade of them at a later date.
Thanks again
Giles
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: