Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2000
Views
0
Helpful
6
Replies

Sourcefire Upgrade Question

Go to solution
bgl-group
Level 1
Level 1

‎09-30-2016 01:59 AM - edited ‎03-12-2019 06:08 AM

I am after some advice here.

I have two sourcefire management centres (MC2000 appliances) running 5.4.1.7 as an HA Pair. They would have been on version 6 but 6 didn't support HA.

Now 6.1 has been released it does support HA for the management centres.

However the upgrade path from 5.4.1.7 is....

Version 5.4.1.x > Version 6.0 Pre-Installation Package > Version 6.0 > Version 6.0.1.x > Version 6.1
or
Version 5.4.1.x > Version 6.0 Pre-Installation Package > Version 6.0 > Version 6.0.1. > Version 6.1 Pre-Installation Package > Version 6.1

So does this mean I have to break the HA pair, upgrade the appliances and then reform the HA.

Or would you break the HA pair, upgrade one appliance and re-image the second appliance then rejoin the HA.

Finally is there an option to reimage the appliance and restore the database to the new box.

I am trying to figure out the best method to do this.

Giles

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to bgl-group

‎10-03-2016 07:20 AM

Your first method will work.

There is an iso image "Sourcefire_Defense_Center_S3-6.1.0-330-Restore.iso" available at https://software.cisco.com/download/release.html?mdfid=286290710&flowid=77262&softwareid=286271056&release=Rules%20Updates&relind=AVAILABLE&rellifecycle=&reltype=latest

Unfortunately you cannot restore the earlier version backup onto the newer version.

View solution in original post

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to bgl-group

‎10-03-2016 09:04 AM

Under the covers FirePOWER Management Center runs a database and, like most database-based products, versions upgrades change the schemas, tables etc. Thus the restore process needs the backup to have been done from the same version.

A version 6.1 FMC can manage sensors at 5.4.0.6 or later. So if any of your sensors are earlier than that, they should be upgraded first.

Please see table 2 here for details: 

http://www.cisco.com/c/en/us/td/docs/security/firepower/610/relnotes/Firepower_System_Release_Notes_Version_610.html#26828

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Jetsy Mathew
Cisco Employee
Cisco Employee

‎10-03-2016 04:55 AM

Hello Team,

HA started supporting from 6.1 . To know how to start with the upgrade of HA pair please refer the following release notes and check the section "Firepower Management Centers in a High Availability Pair" .

You cannot update Firepower Management Centers in a high availability pair directly to Version 6.1. You must break the high availability configuration before beginning the update path to Version 6.1.

http://www.cisco.com/c/en/us/td/docs/security/firepower/610/relnotes/Firepower_System_Release_Notes_Version_610.html#pgfId-564967

Rate and mark the answers and post which are helpful.

Regards

Jetsy 

0 Helpful

Go to solution
bgl-group
Level 1
Level 1
In response to Jetsy Mathew

‎10-03-2016 05:54 AM

Ok I will accept I need to break the HA pair first.

In this case would the following make sense.

  1. Break HA
  2. Upgrade one node through to 6.1
  3. Re-image second node to 6.1 (assuming there is an ISO or similar I can use for this).
  4. Restore the HA configuration

Unless I can restore the 5.4 database onto 6.1 and this would be quicker... i.e.

  1. Break HA
  2. reimage node to 6.1
  3. backup original node
  4. restore this to the new 6.1 box
  5. reimage second node
  6. restore HA configuration
0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to bgl-group

‎10-03-2016 07:20 AM

Your first method will work.

There is an iso image "Sourcefire_Defense_Center_S3-6.1.0-330-Restore.iso" available at https://software.cisco.com/download/release.html?mdfid=286290710&flowid=77262&softwareid=286271056&release=Rules%20Updates&relind=AVAILABLE&rellifecycle=&reltype=latest

Unfortunately you cannot restore the earlier version backup onto the newer version.

0 Helpful

Go to solution
bgl-group
Level 1
Level 1
In response to Marvin Rhoads

‎10-03-2016 08:57 AM

Pity I can't do the backup and restore but at least I know what to plan for now...

Will I have to upgrade the sensors during the main path or will 6.1 be able to operate a 5.4 agent?

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to bgl-group

‎10-03-2016 09:04 AM

Under the covers FirePOWER Management Center runs a database and, like most database-based products, versions upgrades change the schemas, tables etc. Thus the restore process needs the backup to have been done from the same version.

A version 6.1 FMC can manage sensors at 5.4.0.6 or later. So if any of your sensors are earlier than that, they should be upgraded first.

Please see table 2 here for details: 

http://www.cisco.com/c/en/us/td/docs/security/firepower/610/relnotes/Firepower_System_Release_Notes_Version_610.html#26828

0 Helpful

Go to solution
bgl-group
Level 1
Level 1
In response to Marvin Rhoads

‎10-04-2016 01:32 AM

Thanks for that - I did have a faint hope that the restore procedure may have worked but it looks like a long day to upgrade the appliance... All my sensors are running 5.4.0.8 so at least I can schedule the upgrade of them at a later date.

Thanks again

Giles

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card