I’ve only recently started diving a bit deeper into Cisco Firepower. I’ve heard some mixed reviews regarding using and upgrading Firepower Management Center and the FTDs. Some have had decent luck while others seem to run into issues. As I have an FMC that is non-production (for now), I’ve decided to upgrade it to the latest version and find out for myself how difficult these upgrades are. I’ll also need to head into version 6.7 for some SAML capabilities on the FTDs. One factor you should look for when deciding to use certain products is how easy it is to maintain them.
My Firepower Management Center (FMC) is on version 6.6.1. The first thing to take a look at is the Upgrade Path. Can I jump from 6.6.1 to 6.7.0 or do I need to upgrade to a release that is in between them? Looking at Cisco’s documentation, I see that I can upgrade from 6.6.1 directly to 6.7.0. With any upgrade it is important to follow the path. If you’ve waited too long to jump on a newer version, you might have to perform multiple upgrades before you are “up to date”.
With a valid contract, log in to Cisco’s website and download the desired version of software. As mentioned above, I am going to upgrade the FMC to version 6.7.0. While the download is happening, let’s head to the FMC and ensure any recent changes I made have been deployed. At the top-right of the screen, click the Deploy menu. If you have any recent changes on the firewalls, make sure to deploy them by clicking the Deploy button.
By now, the download should be complete. However, before we head into the upgrade process, let’s make sure we have a backup in case the process goes awry. At the top-right in the FMC will be the Settings/Gear icon. Click on Backup/Restore and click on the Firepower Management Backup button. Having a backup is extremely important (and not just for upgrades).
We have a backup and config changes have been deployed. Let’s upload the downloaded software to the FMC. Under the Settings/Gear, click on Updates. Here we can click the Upload Update button. Once there, select your software and upload.
Once the upload is successful, we can start the upgrade process. Of course, when upgrading any device, you’ll want to plan this out in a maintenance/change window. If you were upgrading firewalls, traffic could and would be affected by what you do, so upgrading production devices in the middle of the day is not the best thing to do. As this is the FMC and it is not production, we will proceed.
On the right side of the downloaded software, you will see the install and delete buttons. Let’s go ahead with the install.
The installation process brings you over to the Readiness Check. It is possible you might not have the correct software or resources needed for an upgrade. The Readiness Check will be important before moving forward. Click the Launch Readiness Check button.
Once the Readiness Check is complete, you should hopefully receive good news. If no issues were found, proceed with the install by clicking the Install button. Now we wait. It is going to take a bit of time too. If you are an avid watcher of paint drying, you can follow along with the process by clicking on the top-right Notifications menu icon and clicking Tasks.
Once the install and the reboot are complete, you will want to log in and make sure everything is in order. With new versions, you have new features and even changes to existing features. I hope you read those release notes before you upgraded! One thing to keep in mind is patches. When visiting Cisco’s software downloads, you might have noticed patches for your particular software version. You will want to look at installing those patches as well. The same process applies, and it also applies to the FTDs you have. So far I have not had any issues with the upgrades to the FMC or the FTDs. The upgrades might take a bit of time, but they are pretty straightforward.