cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6393
Views
7
Helpful
11
Replies

VDB update is not working for VDB 363, 364

jaewon
Level 1
Level 1

Hi guys,

VDB update is not working for VDB 363, 364, has anyone experienced this symptom?

jaewon_0-1683211773802.png

 

1 Accepted Solution

Accepted Solutions

INFOTECH.jw
Level 1
Level 1

Hi,

as you can see in https://bst.cisco.com/bugsearch/bug/CSCwe51219

"Running FMC on version less than: 7.0.6, 7.2.4, 7.3.1.1, 7.4.0"

"Before you install VDB 363+, upgrade the management center or device manager."

 

I have the same problem on running version 7.0.5.

Seems that 7.0.6 is not yet available.

7.0.5 is still recommend release...

View solution in original post

11 Replies 11

@jaewon perhaps related to this field notice - Automatic Software Downloads And Content Updates Might Fail After January 10, 2023 - Software Upgrade Recommended

https://www.cisco.com/c/en/us/support/docs/field-notices/725/fn72501.html

 

Thank you for that information Rob.

But my case is little bit different, I can download that VDB 364 in FMC, and then when I install it, it shows Local Install error as I attached upper.
GeoDB and SRU etc are fine.

for some reason, VDB 363 and VDB 364 list is gone.

jaewon_0-1683232796933.png

 

Same situation here. It failed on installation, now its gone.  Installing from a download says 364 is already installed.  Still showing 361 though.

brettius
Level 1
Level 1

I have same issue, if you try to run it again it fails, it deletes the uploaded VDB file.

brettius
Level 1
Level 1

Not sure if this pertains to your issue exactly, but I ran into similar if not same issue, and it seems I will need to jump my FMCv to a higher release before I can solve the issue.  Here is where I found the info:

Secure Firewall Application Detectors (cisco.com)

These devices can run out of memory with newer VDBs, if running Snort 2:

  • ASA 5506-X series
  • ASA-5508-X and 5516-X
  • ASA-5512-X, 5515-X, 5525-X and 5545-X

The fix is to install a smaller VDB package on these lower memory devices, which requires both a VDB and a software update. If your deployment includes an affected device, you must upgrade the management software before you can install VDB 363+. In management center deployments, this means you upgrade the management center (device upgrades are not required). In device manager deployments, you upgrade the device.

For information on the software releases and hotfixes that include this fix, see: CSCwd55058:

INFOTECH.jw
Level 1
Level 1

Hi,

as you can see in https://bst.cisco.com/bugsearch/bug/CSCwe51219

"Running FMC on version less than: 7.0.6, 7.2.4, 7.3.1.1, 7.4.0"

"Before you install VDB 363+, upgrade the management center or device manager."

 

I have the same problem on running version 7.0.5.

Seems that 7.0.6 is not yet available.

7.0.5 is still recommend release...

7.2.4 is the candidate for the next Suggested release recommendation. I have it on 3 customers since it was released last week and it is working fine. It does allow installation of VDB 364 on ASA 5500 series Firepower service modules.

Thank you INFOTECH.jw

My previous version of FMC was 6.6.5. I updated it to 7.2.4, as like you said there's no 7.0.6. VDB 364 is working.
fyi, when Sensor is lower version, it might show the alert message like below:
Unable to upgrade DC while attached Sensor(HQ-SFR-Primary version 6.4.0.14) is too old(< 6.6.0).

Joe C
Level 1
Level 1

VDB 364 is failing on our ASA FirePOWER 6.6.7.1 (build 42) install.  ASA hardware is 5545-X which and ASA FirePOWER 6.6.x is the last supported release for the 5545-X platform.  Will this 7.x software fix/upgrade be available for the FirePOWER 6.6.x code level?

As long as FMC is upgraded to a fixed release, it will work with ASA Firepower service module running 6.6.x.

The compatibility guide tells us FMC through 7.2.x can manage those older modules:

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/compatibility/threat-defense-compatibility.html#Cisco_Reference.dita_78462dbc-06a1-4c7f-92b4-e9cdefc0825d

So you can upgrade FMC to 7.2.4 (available now) or wait for 7.0.6.

If you are still running FMC 6.x, it will not be fixed since it is past-End of Software Maintenance since March 2, 2023:

https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw/firepower-ftd-fmc-6-6x-fxos-2-8x-eol.html

Review Cisco Networking for a $25 gift card