FirePower Threat Defense (FTD) Code Upgrade Manually
Solution

The process below upgrades the FTD with no downtime and no traffic interruption.

Before the upgrade process:
- Download the FTD platform bundle software package to which you are upgrading
- Back up your FTD configurations
- Deploy the policy to the devices you are about to upgrade
- Put the devices in Maintenance mode so that they do not create incidents
- Verify the current xlate and connection count on the FTD:
    show xlate count
    show conn count
- Make sure you have console access
- Make sure you have SSH access to the device (both local and AD)

Upgrade FTD Software: Firepower 4100/9300

Step 1: Connect to FMC and choose System > Updates.
- Click Upload Image to open the Upload Image dialog box.
- Click Choose File to navigate to and select the image that you want to upload.
- Click Upload.

Step 2: After the new platform bundle image is successfully uploaded, click Push.

Step 3: Once you click Push, the device list appears. Select the device that you want to upgrade and push.

Step 4: Continue the upgrade process using the CLI. Connect to the Secondary Standby FTD.

    Firepower-module1>connect ftd
    Connecting to ftd console... enter exit to return to bootCLI
    > expert
    Firepower-module1:/opt/bootcli/cisco/cli/bin$ sudo su -
    Password:
    root@Firepower-module1:~# cd /ngfw/var/sf/updates/
    root@Firepower-module1:/ngfw/var/sf/updates# install_update.pl /var/sf/updates/Cisco_FTD_SSP_Upgrade-6.3.0-85.sh.REL.tar
    System: ARGV[0] = /var/sf/updates/Cisco_FTD_SSP_Upgrade-6.3.0-85.sh
    TODO:: Need to check Sybase Database is running in Standby Mode at /ngfw/usr/local/sf/bin/install_update.pl line 246.
    Verifying archive integrity... All good.
    Uncompressing Cisco FTD Patch / Fri May 26 23:33:01 UTC 2017.............
    [170621 01:01:52] #####################################
    [170621 01:01:52] # UPGRADE STARTING
    [170621 01:01:52] #####################################
    [170621 01:01:52] BEGIN 000_start/000_check_update.sh
    [170621 01:01:53] BEGIN 000_start/100_start_messages.sh
    [170621 01:01:53] BEGIN 000_start/100_zz_verify_bundle.sh
    [170621 01:01:53] BEGIN 000_start/101_run_pruning.pl
    [170621 01:01:58] BEGIN 000_start/102_check_sru_install_running.pl
    [170621 01:01:58] BEGIN 000_start/105_check_model_number.sh
    [170621 01:01:58] BEGIN 000_start/106_check_HA_sync.pl
    [170621 01:01:59] BEGIN 000_start/106_check_HA_updates.pl
    [170621 01:01:59] BEGIN 000_start/107_version_check.sh
    [170621 01:01:59] BEGIN 000_start/108_check_sensors_ver.pl
    [170621 01:02:00] BEGIN 000_start/109_check_HA_MDC_status.pl
    [170621 01:02:00] BEGIN 000_start/110_DB_integrity_check.sh
    [170621 01:02:02] BEGIN 000_start/111_FS_integrity_check.sh
    [170621 01:02:02] BEGIN 000_start/112_CF_check.sh
    ...
    [170621 01:08:14] BEGIN 999_finish/999_y_must_be_next_to_last_to_generate_integrity_data.sh
    [170621 01:08:15] BEGIN 999_finish/999_z_must_remain_last_finalize_boot.sh
    [170621 01:08:15] BEGIN 999_finish/999_zz_install_bundle.sh
    Cleaning up.
    shutdown PM on whitebox systems except Readiness package, sample patch and RNA redhat about to remove upgrade lock
    removed '/ngfw/tmp/upgrade.lock/main_upgrade_script.log'
    removed '/ngfw/tmp/upgrade.lock/status_log'
    removed '/ngfw/tmp/upgrade.lock/PID'
    removed '/ngfw/tmp/upgrade.lock/LSM'
    removed directory: '/ngfw/tmp/upgrade.lock'
    [170621 01:08:48] Attempting to remove upgrade lock
    [170621 01:08:48] Success, removed upgrade lock
    Upgrade lock /ngfw/tmp/upgrade.lock removed successfully.
    [170621 01:08:48]
    [170621 01:08:48] #######################################################
    [170621 01:08:48] # UPGRADE COMPLETE #
    [170621 01:08:48] #######################################################
    Process 1061 exited.I am going away.
    RC: 0
    Update package reports success: almost finished...
    Scheduling a reboot to occur in 60 seconds...

Step 5: Go to the Primary Active unit and fail over to the Secondary Standby.
- Check the failover status:
    show failover
- Check the connection counts:
    show conn count
- Check the xlate count:
    show xlate count
- Fail over the firewall:
    no failover active
- Check the failover status and connection counts again.
- If all is good, then do the same on the Primary FTD.

After the upgrade process:
- Deploy the policy to the devices you have upgraded
- Put the devices back in Production mode
- Verify the current xlate and connection count on the FTD:
    show xlate count
    show conn count
- Validate you have SSH access to the device (both local and AD).
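
Before failing over to a freshly upgraded unit, it helps to confirm from the saved console session that install_update.pl in Step 4 really finished, rather than the SSH session dropping mid-run. The following is an added example, not part of the original page or of Cisco's tooling; the function name `review_transcript` is hypothetical, and it assumes the transcript was saved one message per line with `yymmdd hh:mm:ss` stamps as in the output above.

```python
import re
from datetime import datetime

# Constructed sample, abbreviated from the console output format shown in Step 4.
SAMPLE_OK = """\
Verifying archive integrity... All good.
[170621 01:01:52] # UPGRADE STARTING
[170621 01:01:52] BEGIN 000_start/000_check_update.sh
[170621 01:01:59] BEGIN 000_start/106_check_HA_sync.pl
[170621 01:02:00] BEGIN 000_start/110_DB_integrity_check.sh
[170621 01:08:15] BEGIN 999_finish/999_zz_install_bundle.sh
[170621 01:08:48] Success, removed upgrade lock
[170621 01:08:48] # UPGRADE COMPLETE #
Process 1061 exited.I am going away.
RC: 0
"""

STAMPED = re.compile(r"^\[(\d{6} \d\d:\d\d:\d\d)\]\s*(.*)$")
REQUIRED = ("integrity check", "UPGRADE COMPLETE", "lock removal")

def review_transcript(text):
    """Summarise a saved install_update.pl console transcript."""
    seen, steps, stamps, rc = set(), [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if "Verifying archive integrity... All good." in line:
            seen.add("integrity check")
        rc_match = re.search(r"\bRC:\s*(-?\d+)", line)
        if rc_match:
            rc = int(rc_match.group(1))
        m = STAMPED.match(line)
        if not m:
            continue
        # Assumption: stamps are yymmdd hh:mm:ss, as the sample output suggests.
        stamps.append(datetime.strptime(m.group(1), "%y%m%d %H:%M:%S"))
        msg = m.group(2)
        if msg.startswith("BEGIN "):
            steps.append(msg[6:].strip())      # name of the upgrade script started
        elif "UPGRADE COMPLETE" in msg:
            seen.add("UPGRADE COMPLETE")
        elif "removed upgrade lock" in msg:    # matches only the "Success" line
            seen.add("lock removal")
    problems = [f"missing: {k}" for k in REQUIRED if k not in seen]
    if rc != 0:                                # None means no RC line was captured
        problems.append(f"return code: {rc}")
    elapsed = (stamps[-1] - stamps[0]).total_seconds() if stamps else 0.0
    return {"problems": problems, "steps": len(steps),
            "last_step": steps[-1] if steps else None, "elapsed_s": elapsed}
```

An empty `problems` list means the transcript shows the integrity check, the completion banner, the lock removal and `RC: 0`; for a truncated transcript, `last_step` names the script that was running when the capture ended.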