Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
805
Views
1
Helpful
1
Replies

upgrade from 9.18(2) to 9.18(3).46 failed firepower

smsdpk
Level 1
Level 1

‎08-11-2023 10:27 AM

Trying to upgrade from 9.18(2) to 9.18(3).46. Rebooting standby firewall first, BIOS and Firepower upgrades completed fine. ASA upgrade started but then something went wrong, and the system reached:

Please wait for Cisco ASA to come online...49...

And then went to:

Application fa▒▒▒go online, launching fxos console!
firepower-1010-failed login:

A second reboot failed in the same way. The image appears to be on the firewall and is giving conflicting information:

firepower-1010-failed /ssa # show fault

Severity  Code     Last Transition Time     ID       Description
--------- -------- ------------------------ -------- -----------
Major     F1394    2023-08-11T13:33:17.499   5012750 Failed to start App Instanc
e asa on slot 1. Error: Security Module is in FailSafe mode. Please check for Sy
stem Faults and Errors

Labels:
1 Reply 1

hemohemoh
Level 1
Level 1

‎08-29-2023 02:44 AM

It seems that your ASA upgrade failed on your Firepower 1010 device and caused it to enter FailSafe mode. This mode is triggered when the device detects a critical error or a corrupted image. To recover from this mode, you need to do the following steps:

  • Connect to the device console using a serial cable or a USB-to-serial adapter.
  • Reboot the device and press ESC when prompted to enter ROMMON mode.
  • In ROMMON mode, use the 'dir' command to list the available images on the device. You should see something like this:
    ---------------------------------
    rommon 1 > dir
    bootflash:
    -#- --length-- -----date/time------ path
    1 1024 Aug 11 2023 13:33:17 .private/startup-config
    2 1024 Aug 11 2023 13:33:17 .private/mode
    3 1024 Aug 11 2023 13:33:17 .private/boothelper
    4 1024 Aug 11 2023 13:33:17 .private/boothelper.sig
    5 1024 Aug 11 2023 13:33:17 .private/boothelper.log
    ...
    n1 <size> <date> asa-fp2k.9.18(2).SPA
    n2 <size> <date> asa-fp2k.9.18(3).46.SPA
    ---------------------------------
  • Identify the image that you want to boot from. In this case, you may want to boot from the previous version (9.18(2)) that was working before the upgrade. Note the file name of the image (e.g., asa-fp2k.9.18(2).SPA).
  • Use the 'boot' command to boot from the image. For example:
    ---------------------------------
    rommon 2 > boot bootflash:asa-fp2k.9.18(2).SPA
    ---------------------------------
  • Wait for the device to boot up and verify that it is operational.
  • If you want to retry the upgrade, make sure that you have a valid image file and follow the upgrade guide.

HTH!

0 Helpful
Customers Also Viewed These Support Documents