cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1857
Views
0
Helpful
13
Replies

upgrade process of firepower 2130

teamdv6199
Level 1
Level 1

hello

 

We have a old fire power that I have no idea how to upgrade. The actual device is a Cisco Firepower 2130 Threat Defense (77) Version 7.0.4 . Cisco Adaptive Security Appliance Software Version 9.16(3)18. and we have a FMC that is Cisco Firepower Management Center for VMware v7.0.4. Is the ASA on the actual physical box?  I am not understanding what I have to upgrade. Do i have to upgrade the actual fire power itself first and then the FMC? 

1 Accepted Solution

Accepted Solutions

@teamdv6199 the FMC and FTD use different upgrade packages. Upgrade to 7.2.6 to resolve the latest critical bug.

Upgrade the FMCv to 7.2.6 using the image:-

Cisco_Secure_FW_Mgmt_Center_Upgrade-7.2.6-168.sh.REL.tar - https://software.cisco.com/download/home/286259687/type/286271056/release/7.2.6

Upgrade the FTD to FTD 7.2.6 on the 2130 hardware using the image:-

Cisco_FTD_SSP_FP2K_Upgrade-7.2.6-167.sh.REL.tar - https://software.cisco.com/download/home/286312107/type/286306337/release/7.2.6

 

View solution in original post

13 Replies 13

7.2.6 has been removed from download.  7.2.7 is now the preferred download if you are running 7.2.x  I just upgraded from 7.2.4 to 7.2.7 without any issues for the FMC and FTDs   

 

So how do I upgrade the FTD then? from the link you sent me it looks like its just upgrading FMC. 

Upgrade FMC first. Then upgrade the FTDs (which is done via FMC).

When you upgrade FTD, it will include the built-in components that are referred to as "ASA". Reference: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/threat-defense-compatibility.html#id_67425

Sorry Marvin I have never updated this before and If it seems like I am asking, stupid questions forgive me. So, once I go to the FMC system > update> and upload the Cisco_Secure_FW_Mgmt_Center_Patch-7.2.5.1-29.sh.REL.tar FROM Software Download - Cisco Systems. Is there another FTD package I need to download? If so is it from the same link?

 

Also I thought ASA is different from FMC.

@teamdv6199 the FMC and FTD use different upgrade packages. Upgrade to 7.2.6 to resolve the latest critical bug.

Upgrade the FMCv to 7.2.6 using the image:-

Cisco_Secure_FW_Mgmt_Center_Upgrade-7.2.6-168.sh.REL.tar - https://software.cisco.com/download/home/286259687/type/286271056/release/7.2.6

Upgrade the FTD to FTD 7.2.6 on the 2130 hardware using the image:-

Cisco_FTD_SSP_FP2K_Upgrade-7.2.6-167.sh.REL.tar - https://software.cisco.com/download/home/286312107/type/286306337/release/7.2.6

 

7.2.6 has been removed from download.  7.2.7 is now the preferred download if you are running 7.2.x  I just upgraded from 7.2.4 to 7.2.7 without any issues for the FMC and FTDs   

From 7.0.4 to 7.2.5.1 you would first go to 7.2.5 and then patch to 7.2.5.1 (or you you just go to 7.2.6) - on FMC.

Once your FMC is upgraded you then add the FTD upgrade files to your FMC and install then on the managed 2130. The 2130 upgrade files can be found here: https://software.cisco.com/download/home/286312107/type/286306337/release/7.2.5

Thank you I am updating it now!

I get this now for the FTD. Am I supposed to find the snort version somewhere and update it? 
RECOVERY MESSAGE: Snort minimum version required for upgrade: 2.9.20. Device is running: 2.9.18.4. Deploy configurations to the device and try again.

 

on the FMC it looks like its already on version 2.9.20:

 

Version 2.9.20.6 GRE (Build 6102)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.9.1 (with TPACKET_V3)
Using PCRE version: 8.44 2020-02-12
Using ZLIB version: 1.2.11

What is the exact current version and target version you are upgrading to for FTD? Table here here: https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/threat-defense-compatibility.html#id_67425 says Snort 2.9.18.x would be included in FTD 7.0.x which should be compatible to upgrade to 7.2.x.

Thank you Marvin, I think the GUI just needed some time to sync up? I did not do anything, and it let me upgrade the FTD. 

Review Cisco Networking for a $25 gift card