Updating FMC & SFR module

mohammadrezafathikohi · ‎11-20-2020

Hello,

We have a Cisco ASA 5508-x with SFR module in our company. The FMC's software version is 6.3.0 and the SFR module is 6.2.0.5. I know that updating the FMC to 6.6.1 is quite easy through the web interface but my real challenge is updating the SFR module to the 6.6.1 version. So how can I update that? Please give a step-by-step solution. Thank you

balaji.bandi · ‎11-20-2020

Once you upgrade to FMC 6.6, ASA SFR not compatible as per matrix, so you need to uplift the SFR version to manage with FMC

https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/firepower-fmc.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads · ‎11-20-2020

1. Upload the ASA Firepower service module update packages for both 6.3.0 and 6.6.1 to your FMC. Also upload the FMC 6.6.1 upgrade package.

2. Upgrade the ASA Firepower service module to 6.3.0 (redeploy policy after every upgrade to sync FMC to the service module)

3. If it's an FMC VM, shutdown the FMC and increase memory to 32 GB. Restart the VM.

4. Upgrade FMC to 6.6.1.

5. Upgrade the ASA Firepower service module to 6.6.1.

mohammadrezafathikohi · ‎11-21-2020

Thank you Marvin,

- you mean I should upload the upgrade packages for both sfr and fmc through system—-> update section?

- My FMC VM currently has 16GB of memory. Why should I increase that to 32GB? If I do not increase the ram, is that going to work?

- if i upgrade FMC to 6.6.1 first , will my sfr module be in sync? I think i should upgarde sfr and then fmc. What do you think?

Marvin Rhoads · ‎11-23-2020

Yes, both FMC and Firepower service module update packages must be first downloaded from cisco.com to your computer and then uploaded to the FMC (using System > Update). FMC itself will only directly download minor releases and patches.

FMC 6.6+ requires 28 GB (32 GB recommended). If you do not have this much memory assigned to the VM, installation will fail. It is a hard check built into the installation scripts.

FMC always needs to be at or above the version of the managed devices. So we always upgrade FMC first, taking care to check the Firepower compatibility matrix:

https://www.cisco.com/c/en/us/td/docs/security/firepower/compatibility/firepower-compatibility.html#reference_A0CAB7C28A2B440F8F901D316D6684F4

jespinosa · ‎08-16-2022

A little off topic , Is there a way to down grade, the sfr module from 6.7 to 6.4 ?? from the CLI OR FMC ??

THANKS IN ADVANCE !!

balaji.bandi · ‎08-16-2022

Personally, i do not encourage to downgrading, some features may break, instead re-image with 6.4 (make sure you understand the risk) also check FMC compatibility.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

jespinosa · ‎08-18-2022

Yes thanks for all your advice i will repost my results end of day, many thanks

jespinosa · ‎10-12-2022

thank you my friend , yes down grading , has to much going on, very good advice