Thursday, November 7, 2019

Firepower/SFR/ASA upgrade clarification

I'm trying to see if I can get some clarification/sanity check on the process to upgrade an FMC and the SFR modules in both a 5525x and 5506x. I have a TAC case open for the issue which is pushing us to upgrade, but TAC is not exactly helpful in explaining the process and I'm new to both ASAs and FMCs. The Cisco doc at https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/firepower-fmc.html doesn't help much either as it only covers the FMC. I found https://www.cisco.com/c/en/us/td/docs/security/asa/upgrade/asa-upgrade/planning.html#id_59002 but that seems to cover the ASA and not the SFR.

Systems are:

FMC: 6.2.3.2-46 (virtual appliance)

5525X: 9.6(3)20

5506X: 9.9(2)

Target: 6.4.0.4-34 (current gold star)

Per TAC, the 5506X cannot be upgraded past 6.2.3, so they would be coming up to the highest interim release in that train. Presently that is 6.2.3.15. The FMC is managing the 5525x and two 5506x units, at 3 separate locations (FMC and 5525 at HQ, 5506s are at branch sites).

TAC has told me to start with upgrading the FMC. I was also told that I shouldn't need to touch the ASA code as it's over 9.6. My current understanding is that in the FMC I browse to System > Updates and upload the file that I'll pull from Cisco's web site, followed by install and reboot. Great. Now, once I upgrade the FMC, how do I upgrade the SFR modules in the 3 firewalls? How do I keep two firewalls on 6.2.3 while bringing the 5525 up to 6.4?

Any help and/or bourbon donations are appreciated.


