Home
Cisco
Security
Upgrade FMCs in a High Availability

Upgrade FMCs in a High Availability

By JMCristobal
- February 17, 2022
- in Security
20615
0

Equipment to be used:

  • FMC 2600 with version 6.4.0.10

The objective is to upgrade the FMC in HA to version 6.6.4

Before you begin, I recommend that you read the official documentation on the Cisco site for further reference. This guide explains how to prepare for and complete a successful upgrade of a Firepower Management Center.

Go to “Planning your Upgrade”.

Upgrade Procedure

1.-  Deploy configurations

Deploy > Select devices/changes > deploy

Make sure there are no pending updates for the sensor you are looking to upgrade. Deploy any available changes before starting the upgrade process.

Image 1.- Deploy > Deployment
2 .- Verify correct synchronization with the NTP server.
Image 2.- Verify NTP

3 .- Check disk space

System -> Monitoring -> Statistics

It is essential to check the disk space to ensure that the minimum required is met. The FMC v6.6.4 requires 15.1 GB in /Volume and 23 MB in /.

Image 3 .- Space in disk by partition

For more information here

4.- Check upgrade path.

Validate if version 6.4.0.10 can be upgraded directly to 6.6.4. According to the documentation, if it is possible.

Image 4.- Upgrade path

If the version you wish to upgrade is different from the one in this article, please visit the following link:

https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/planning.html#id_58959

5.- Backup

System > Tools > Backup/Restore > Firepower Management backup > Backup configuration > Start backup

Perform configuration backup of the FMC

Image 5.- Firepower Management Backup
Image 6.- Create Backup

More information here

6.- Download upgrade file
Image 7.- Download upgrade file

Firepower software packages are available on the Cisco Support & Download site.

https://software.cisco.com/download/home/278875421

7.- Upload upgrade file to the FMCs

System > Updates > Upload update > Choose file > Upload

In FMC high availability deployments, you must upload the FMC upgrade package to both peers (Standby and active)

Image 8
Image 9.- Upload File
Image 10.- Notification

Note: Upload the file in both FMC

8.- Pause HA synchronization in FMC Active.

System > Integration > High availability > Pause synchronization

Click in Pause Syncronization

Image 12.- Click in Pause Synchronization

Click Yes

Image 13

Click OK

Image 14

The message will be displayed: 

Image 15.- Degraded, synchronization incomplete
9.- Upgrade FMC Standby

We started the update in the FMC standby.

Locate the update file and click on Install.

Image 16.- Install

Prior to installation, run the readiness check to verify that everything is correct for the upgrade.

Image 17.- Select FMC an Launch Readiness Check

Wait for the Readiness Check to be completed:

Image 18.- Readiness Check Complete

After success readiness check, go ahead with installation the upgrade:

Image 19.- Install Upgrade

The estimated time for the upgrade is 60 minutes and 28 minutes for the reboot (for each FMC).

Click in Accept in the following notifications:

Image 20
Image 21
Image 22.- Installation started
Image 23

After restarting, log in again, and if prompted, review and accept the End User License Agreement (EULA).

Image 24.- Accept EULA

Validate version actual the FMC in Help > About:

Image 25
Image 26.- Help > About
10.- Upgrade FMC Active

Repeat all steps of point 9

11.- Restart synchronization

Log into the FMC that you want to make the active peer.

Choose System > Integration.

On the High Availability tab, click Make-Me-Active. Wait until synchronization restarts and the other FMC switches to standby mode.

Image 27.- Make Me Active

Image 28
Image 29
Image 30
Image 31
Image 32
Image 33

HA Full:

Finally, all that remains is to update SRUs, VDB and deploy the changes.

Regards!

Facebook Comments

You may also like

How-to Install SSH Server on Linux 

1.- Install with apt-get command on Ubuntu: sudo