Upgrading firepower scenario

SupportAC · ‎02-14-2018

We are going to upgrade our firepower platform.

We have cluster FMC4000 (Active/Passive), and two sensors (FP4140). These are the current versions:

FMC4000

FTD version: 6.2.0.2

FP4140:

Firmware 1.0.10
FTD version: 6.2.0.2
FXOS version: 2.1.1.77

-----------------------------------------------------

We would like to upgrade the FMC and sensors to these versions:

FMC- >upgrade FTD to 6.2.0.4 (we can jump to this version directly)

FP4140 -> FXOS version upgrade to: 2.3.1.58 (we can jump to this version directly)
Firepower version upgrade to: 6.2.0.4 (we can jump to this version directly)

Firmware 1.0.10, should we upgrade firmware too? is any compatibility between firmware and FXOS or FTD? any upgrade path?

------------------------

What would be the order to upgrade this scenario?

1) upgrade passive FMC(2) to 6.2.0.4.

2) force failover to passive FMC(2).

3) upgrade FMC(1).

4) failover again to leave all in the same way they were.

Related to sensors

1) upgrade firmware from 1.0.10 to 1.0x (if its necessary)

2) upgrade FXOS to 2.3.1

3) upgrade FTD to 6.2.0.4

Are these steps OK?? correct order? anything to keep in mind?

Marvin Rhoads · ‎02-15-2018

Regarding the FMC upgrade, the exact procedure is spelled out here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/6201/relnotes/Firepower_Release_Notes_Version_620x/important_update_notes.html#id_51099

The sensor order looks OK.

Regarding the sensors' firmware, see the important notes about it in the FX-OS release notes:

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos231/release/notes/fxos231_rn.html#pgfId-155816