cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4397
Views
10
Helpful
11
Replies

upgrade Firepower

nasser2002_2005
Level 1
Level 1

Hi everyone,

my Firepower version is 5.3.0 and i want to upgrade it to 6.2.0 . Is that possible or i have to first upgrade it to 5.4.0 .

the same thing about firesight .

Also can i upgrade the firepower from Firesight .

thanks 

1 Accepted Solution

Accepted Solutions

FMC first has to be at or above the version of all its managed sensors.

Additionally, FMC 6.2+ can only manage sensors at version 6.1+.

If you upgrade or rebuild your FMC to 6.2, you can re-image the FirePOWER module to 6.2 as well. Re-imaging can only be done from the cli.

You can do inline upgrades from FMC by following the sequences in the release notes. If your module is running a very old version, it requires numerous steps and each is time-consuming and requires downtime. That is why is is recommend to simply re-image if you can.

View solution in original post

11 Replies 11

Hi Naseer,

You need sensor upgrade file to upgrade the sensor and firepower management center upgrade file to upgrade the firepower management center.

You need to check the upgrade path of firepower management center in the following link and then you can upgrade firepower sensor through FMC:

http://www.cisco.com/c/en/us/td/docs/security/firepower/620/relnotes/Firepower_System_Release_Notes_Version_620/updating_to_version_6_2_0.html#id_39128
http://www.cisco.com/c/en/us/td/docs/security/firepower/620/relnotes/Firepower_System_Release_Notes_Version_620/important_update_notes.html#id_38002

If this was helpful, please give it a thumbs up

Spooster IT Services Team

Marvin Rhoads
Hall of Fame
Hall of Fame

On your FirePOWER module, it is easier to re-image it fresh after you have upgraded your FireSIGHT (now known as Firepower Management Center).

Similarly if there is a minimal configuration on your FMC, it is easier to rebuild.

Inline upgrades from 5.3 can be done but require a pretty large number of intermediate steps (as described in the release notes posted earlier) and can be quite time-consuming.

Thank you for your respond 
the Defense Center running software version: 5.3.0
and the FirePOWER module 5.3.1 
and i have those file 
asasfr-5500x-boot-6.2.0-2.img
asasfr-sys-6.2.0-362 (1).pkg
Cisco_Network_Sensor_Hotfix_A-6.2.0.1-10 (1).sh
Cisco_Network_Sensor_Hotfix_A-6.2.0.1-10.sh
Sourcefire_3D_Defense_Center_S3_Patch-6.2.0.2-51
before i do this step can i go to FMC and click on download and download those file .
or i have to do it through the CLI

THX

FMC first has to be at or above the version of all its managed sensors.

Additionally, FMC 6.2+ can only manage sensors at version 6.1+.

If you upgrade or rebuild your FMC to 6.2, you can re-image the FirePOWER module to 6.2 as well. Re-imaging can only be done from the cli.

You can do inline upgrades from FMC by following the sequences in the release notes. If your module is running a very old version, it requires numerous steps and each is time-consuming and requires downtime. That is why is is recommend to simply re-image if you can.

Hi Marvin,

If you take the "re-image" route can you do a backup of the 5.3 system and import it into a 6.2 system, or would the re-image require re-configuration from scratch?

If you re-image Firepower Management Center, all configurations are lost. You cannot restore a backup from an earlier version onto the newly built updated one.

If you re-image a sensor you can re-add it to FMC after you bootstrapped it. Apply the licenses and then re-deploy the original policies from FMC. By following that route, the sensor is back to the original policy set with the version up to date.

Hi Marvin,

Do you have a link or reference on how to re-image from the cli?

Thanks

Sure - you can follow this process:

https://www.cisco.com/c/en/us/support/docs/security/asa-firepower-services/118644-configure-firepower-00.html#anc7

Can FMC 6.2.0 manage 5516X firepower module with version 6.2.2?
not sure 6.2.2 is considered same version as 6.2.0.

Thank you in advance..

It cannot.

 

The FMC must be greater than or equal to the version of all managed devices. That includes the patch level.

 

Furthermore an FMC at version 6.2 or later cannot manage any sensors with versions prior to 6.1.

Hello Marvin, 

 

Can you share reference Cisco doc for below statement. 

 

"The FMC must be greater than or equal to the version of all managed devices. That includes the patch level."

 

 

 

Review Cisco Networking for a $25 gift card