
UPGRADE SOFTWARE VERSION FOR CISCO FIREPOWER (SENSOR) AND FIRESIGHT (FMC)

Hi.

I have a Firepower appliance, model 8350. I want to upgrade the software version of the Firepower (sensor) and Firesight (FMC) VM to the latest one. My current software versions are Firepower 5.3.0.7 and Firesight 5.4.0. Does anybody know the steps to upgrade this software version and what the upgrade path for the software is?


Marvin Rhoads
Hall of Fame

It seems like nobody has upgraded that system for many years.

If it is not running in production use, it will be easier to reimage both FMC and the sensor and go from there.

If you upgrade inline (no reimage) then you must do many intermediate steps and it will take you several days.

For almost 4 years this system has never been upgraded. This system is running in production and is still being used.

If I upgrade inline, what are the steps? Because it is my first time upgrading this firmware.

And what is the path for the firmware to be upgraded?

Firesight became Firepower Management Center as of release 6.0.

To upgrade your Firesight, always keep in mind that you cannot get too far ahead of your managed devices. This matrix shows you compatibility:

https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/compatibility.html

So for Firesight you would go:

Firepower 5.4.1.x → Preinstall → 6.0 → Preinstall → 6.0.1 → 6.1 → 6.4

Do it similarly for your sensor except it is starting from an earlier release:

Firepower 5.3.0.7 → 5.4 → 5.4.0.2 → Preinstall → 6.0 → Preinstall → 6.0.1 → 6.1 → 6.4

Suggested order would be to get the sensor up to 5.4.0.2 first. (Check your patch on the Firesight - if it doesn't have 5.4.0.2, patch it first.)

Then get your FMC up to 6.1.

Then the sensor likewise to 6.1.

Then FMC up to 6.4.

Then the sensor to 6.4.

Finally, patch both FMC and then sensor to 6.4.0.2 (or the latest patch - right now that's the most current one).

Before starting, make sure your Snort rules (SRU), VDB and Geolocation are all up to date on both Firesight and your sensor.

Redeploy policies to your sensor after every upgrade (FMC or sensor) to keep things in sync.

There's probably a solid 3 days of work there IF nothing goes wrong. You should open a TAC case proactively just in case. Also it ensures you have support in advance. If you don't have TAC support I wouldn't even start the process - too much risk.

Hopefully your interfaces are fail-open inline mode to minimize impact to production traffic. Otherwise each sensor upgrade or patch will cause an outage.
