Upgrade FMCs in a High Availability

Equipment to be used:

  • FMC 2600 with version 6.4.0.10

The objective is to upgrade the FMCs in HA to version 6.6.4.

Before you begin, I recommend that you read the official documentation on the Cisco site for further reference. This guide explains how to prepare for and complete a successful upgrade of a Firepower Management Center.

Go to “Planning your Upgrade”.

Upgrade Procedure

1.-  Deploy configurations

Deploy > Select devices/changes > deploy

Make sure there are no pending updates for the sensor you are looking to upgrade. Deploy any available changes before starting the upgrade process.

Image 1.- Deploy > Deployment

2.- Verify correct synchronization with the NTP server.

Image 2.- Verify NTP

3.- Check disk space

System -> Monitoring -> Statistics

It is essential to check the disk space to ensure that the minimum required is met. The FMC v6.6.4 requires 15.1 GB in /Volume and 23 MB in /.

Image 3 .- Space in disk by partition

For more information here
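
The same disk-space check can be scripted and run from a Linux shell on each FMC peer before the upgrade. The script below is an added example, not part of the original article or Cisco tooling. It assumes `df -Pk` is available on the appliance and that 1 GB = 1024 × 1024 KB; the function names and the sample `df` output are constructed for illustration.

```shell
#!/bin/sh
# Pre-upgrade disk-space check for one FMC peer (added example, not Cisco tooling).
# Thresholds are the article's figures for FMC 6.6.4; the unit conversion
# (1 GB = 1024*1024 KB, 1 MB = 1024 KB) is an assumption.
REQ_VOLUME_KB=15833498   # 15.1 GB in /Volume, rounded up
REQ_ROOT_KB=23552        # 23 MB in /

# Print the available KB for mount point $1 from `df -Pk` text on stdin.
# Comparing the last column exactly keeps "/" from matching "/Volume".
avail_kb() {
    awk -v m="$1" 'NR > 1 && $NF == m { print $(NF-2); found = 1 }
                   END { exit !found }'
}

# check_mount DF_TEXT MOUNT REQUIRED_KB
# Returns 0 if there is enough space, 1 if short, 2 if the mount is missing.
check_mount() {
    free=$(printf '%s\n' "$1" | avail_kb "$2") || { echo "MISSING $2"; return 2; }
    if [ "$free" -ge "$3" ]; then
        echo "OK      $2: $free KB free, $3 KB required"
        return 0
    fi
    echo "SHORT   $2: $free KB free, need $(( $3 - $free )) KB more"
    return 1
}

# preflight DF_TEXT: returns 0 only when both partitions meet the minimum.
preflight() {
    rc=0
    check_mount "$1" /Volume "$REQ_VOLUME_KB" || rc=1
    check_mount "$1" /       "$REQ_ROOT_KB"   || rc=1
    return $rc
}

# Constructed sample output (not captured from a real FMC): /Volume is too small.
SAMPLE_DF='Filesystem     1024-blocks      Used Available Capacity Mounted on
/dev/sda5          3997376   2310400   1466200      62% /
/dev/sda7        230419240 210031616  10240000      96% /Volume'

# With --live the real `df -Pk` output is checked; otherwise the sample is used.
if [ "${1:-}" = "--live" ]; then
    preflight "$(df -Pk)"
else
    preflight "$SAMPLE_DF" || true
fi
```

Run it with `--live` on both the active and the standby FMC, since each peer is upgraded separately and needs the free space on its own disks.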

4.- Check upgrade path.

Validate whether version 6.4.0.10 can be upgraded directly to 6.6.4. According to the documentation, it is possible.

Image 4.- Upgrade path

If the version you wish to upgrade is different from the one in this article, please visit the following link:

https://www.cisco.com/c/en/us/td/docs/security/firepower/upgrade/fpmc-upgrade-guide/planning.html#id_58959

5.- Backup

System > Tools > Backup/Restore > Firepower Management backup > Backup configuration > Start backup

Perform a configuration backup of the FMC.

Image 5.- Firepower Management Backup
Image 6.- Create Backup

More information here

6.- Download upgrade file

Image 7.- Download upgrade file

Firepower software packages are available on the Cisco Support & Download site.

https://software.cisco.com/download/home/278875421

7.- Upload upgrade file to the FMCs

System > Updates > Upload update > Choose file > Upload

In FMC high availability deployments, you must upload the FMC upgrade package to both peers (standby and active).

Image 8
Image 9.- Upload File
Image 10.- Notification

Note: Upload the file to both FMCs.

8.- Pause HA synchronization in FMC Active.

System > Integration > High availability > Pause synchronization

Click Pause Synchronization.

Image 12.- Click Pause Synchronization

Click Yes

Image 13

Click OK

Image 14

The following message will be displayed:

Image 15.- Degraded, synchronization incomplete

9.- Upgrade FMC Standby

We start the upgrade on the standby FMC.

Locate the update file and click on Install.

Image 16.- Install

Prior to installation, run the readiness check to verify that everything is correct for the upgrade.

Image 17.- Select FMC and Launch Readiness Check

Wait for the Readiness Check to be completed:

Image 18.- Readiness Check Complete

After a successful readiness check, go ahead and install the upgrade:

Image 19.- Install Upgrade

The estimated time for the upgrade is 60 minutes and 28 minutes for the reboot (for each FMC).

Click Accept on the following notifications:

Image 20
Image 21
Image 22.- Installation started
Image 23

After restarting, log in again, and if prompted, review and accept the End User License Agreement (EULA).

Image 24.- Accept EULA

Validate the current version of the FMC in Help > About:

Image 25
Image 26.- Help > About

10.- Upgrade FMC Active

Repeat all the steps from point 9.

11.- Restart synchronization

Log into the FMC that you want to make the active peer.

Choose System > Integration.

On the High Availability tab, click Make-Me-Active. Wait until synchronization restarts and the other FMC switches to standby mode.

Image 27.- Make Me Active

HA Full:

Finally, all that remains is to update SRUs, VDB and deploy the changes.

Regards!
