07-02-2019 06:47 PM - edited 02-21-2020 09:16 AM
Hi.
I have a Firepower appliance, model 8350. I want to upgrade the software version of the Firepower (sensor) and the FireSIGHT (FMC) VM to the latest one. My current software versions are 5.3.0.7 for Firepower and 5.4.0 for FireSIGHT. Does anybody know the steps to upgrade this software and what the upgrade path is?
07-02-2019 10:48 PM
It seems like nobody has upgraded that system for many years.
If it is not running in production use, it will be easier to reimage both FMC and the sensor and go from there.
If you upgrade inline (no reimage) then you must do many intermediate steps and it will take you several days.
07-03-2019 01:10 AM
This system has not been upgraded for almost 4 years. It is running in production and is still in use.
If I upgrade inline, what are the steps? It is my first time upgrading this firmware.
And what is the upgrade path for the firmware?
07-03-2019 05:35 AM
Firesight became Firepower Management Center as of release 6.0.
To upgrade your Firesight, always keep in mind that you cannot get too far ahead of your managed devices. This matrix shows you compatibility:
So for Firesight you would go:
Firepower 5.4.1.x → Preinstall → 6.0 → Preinstall → 6.0.1 → 6.1 → 6.4
Do it similarly for your sensor except it is starting from an earlier release:
Firepower 5.3.0.7 → 5.4 → 5.4.0.2 → Preinstall → 6.0 → Preinstall → 6.0.1 → 6.1 → 6.4
Suggested order would be to get the sensor up to 5.4.0.2 first. (Check your patch on the Firesight - if it doesn't have 5.4.0.2, patch it first.)
Then get your FMC up to 6.1.
Then the sensor likewise to 6.1.
Then FMC up to 6.4.
Then the sensor to 6.4.
Finally, patch both FMC and then sensor to 6.4.0.2 (or the latest patch - right now that's the most current one).
Before starting, make sure your Snort rules (SRU), VDB and Geolocation are all up to date on both Firesight and your sensor.
Redeploy policies to your sensor after every upgrade (FMC or sensor) to keep things in sync.
There's probably a solid 3 days of work there IF nothing goes wrong. You should open a TAC case proactively just in case. Also it ensures you have support in advance. If you don't have TAC support I wouldn't even start the process - too much risk.
Hopefully your interfaces are fail-open inline mode to minimize impact to production traffic. Otherwise each sensor upgrade or patch will cause an outage.