FMC and FTD Firmware Upgrade
1. Check the TAC support.
2. Send SOC for firmware recommendation.
3. Propose patching date to the customer.
4. Open a Cisco TAC case.
5. Send email to customer confirming the date.
Procedure (1) FMC
1. Take back up from FMC and FTD on both devices.
2. Download the back to a shared location.
3. Send an email to the customer before the outage.
4. Click on Systems > Update to install the firmware on FMC.
5. Run readiness check for errors. Readiness check: this will take 10 minutes. when starting it, nothing will progress, but after that, it starts to show the progress bar.
6. It will pass the check and then you have to press the install button. When clicking on the install button, it will directed to update/System page. Then you can see the task tab to see the progress.
7. This will take 60-90 minutes to reboot the FMC. Meantime, the web GUI disconnected. We can ping the IP. But cannot log in using our domain credentials. I used an admin account. (The login page looks traditional). When you log in, you can see the progress.
8. There isn’t any network interruption. Installation (may take 60-90 minutes)
9. When rebooting the FMC, you cannot access it via your credentials. You have to log in via an admin account. Then you can see the progress. (Here, at 9% it took 30 minutes, and then 22% took another 30 minutes).
10. When rebooting the FMC, a msg popped up on the WEB screen saying the system is rebooting.
11. This time you cannot ping, So put a continuous ping and verify the FMC connectivity.
12. Once ping success, after a couple of minutes you can access the FMC via WEB with your credentials. When the page is refreshed, it will take a little time to load the page. Then you can login via domain credentials.
13. Verify the upgrades firmware.
14. Send an email to the client.
Procedure (2) FTD devices.
1. System Update and install.
2. It will install the firmware for the secondary device as it is.
3. This will take 30 minutes to upgrade the secondary.
4. While installing the process you can see, retry, and remove maintenance messages. Don’t panic here. It takes time and finishes the installation for secondary. Meantime you can see it has been upgraded to the new version.
5. Rebooting the FTD.
6. Then this happens to the primary device.
7. When rebooting it goes to secondary due to HA.
8. After completing both, you can see the upgraded version on FTD in the device tab.
9. Then you must deploy the policies if it's available to do so.
10. Here, you can see the warning and error before pressing the deploy button.
11. All completed.
12. Send an email to the client and close the change.
#FMC #FTD #7.0.1
No comments:
Post a Comment