Firepower FTD upgrade / update from the CLI and troubleshooting.

 

1. FMC

The following menu path downloads only the updates (patches), not the major upgrade packages.
System > Updates > [Download updates]

Downloaded updates are stored in the following directory:
root@fmc:~# ls /var/sf/updates
Cisco_FTD_Patch-6.5.0.4-57.sh.REL.tar
Cisco_FTD_Patch-6.5.0.4-57.sh.REL.tar.METADATA
Cisco_Firepower_Mgmt_Center_Patch-6.5.0.4-57.sh.REL.tar
Cisco_Firepower_Mgmt_Center_Patch-6.5.0.4-57.sh.REL.tar.METADATA
Cisco_VDB_Fingerprint_Database-4.5.0-342.sh.REL.tar
Cisco_VDB_Fingerprint_Database-4.5.0-342.sh.REL.tar.METADATA
fix_sudoers.tgz
sf.xml
root@fmc:~#

Update log and status:
root@fmc:~# ls /var/log/sf
Cisco_Firepower_Mgmt_Center_Patch-6.5.0.4  device_connection.log  sru-2019-08-12-001-vrt  verify_signature.log
VDB_update_info.txt                        initial_setup.log      update.status
data_service.log                           online-help            vdb-4.5.0-309
db_manage.log                              policy_deployment.log  verify_file_integ.log
root@fmc:~#


root@fmc://var/log/sf/Cisco_Firepower_Mgmt_Center_Patch-6.5.0.4# ls
000_start  475_schema_downgrade  dyn-preproc-upgrade-log  maint_state      snort-upgrade-log  upgrade_status.log
200_pre    500_rpms              flags.conf               pmtool_status_0  status.log
300_os     DBCheck.log           main_upgrade_script.log  sf_rpm_stub.log  syncable

root@fmc://var/log/sf/Cisco_Firepower_Mgmt_Center_Patch-6.5.0.4# pigtail upgrade_status.log



2. FTD

Downloaded updates are stored in the following directory:
admin@firepower:/var/sf/updates$ ls
Cisco_FTD_Patch-6.5.0.4-57.sh.REL.tar


Readiness check:
root@firepower:~#  install_update.pl --detach --readiness-check /var/sf/updates/Cisco_FTD_Patch-6.5.0.4-57.sh.REL.tar
install_update.pl begins. bundle_filepath: /var/sf/updates/Cisco_FTD_Patch-6.5.0.4-57.sh.REL.tar
Skipping File System Integrity Check
root@firepower:~#

Readiness check log:
more /var/log/sf/Cisco_FTD_Patch-6.5.0.4/upgrade_readiness/main_upgrade_script.log
or
more /ngfw/var/log/sf/Cisco_FTD_Patch-6.5.0.4/upgrade_readiness/main_upgrade_script.log

[210507 01:33:39:726] MAIN_UPGRADE_SCRIPT_START
[210507 01:33:39:764] Readiness check for :Cisco_FTD_Patch-6.5.0.4-57
[210507 01:33:39:766] #####################################
[210507 01:33:39:767] # UPGRADE READINESS CHECK STARTING
[210507 01:33:39:768] #####################################
[210507 01:33:39:794] SKIP 000_start/000_0_start_upgrade_status_api_stack.sh
[210507 01:33:39:807] BEGIN  000_start/000_check_platform_support.sh
..........
[210507 01:34:29:430] SKIP 200_pre/610_lamplighter_010_artifacts_export.sh
[210507 01:34:29:496] SKIP 200_pre/999_enable_sync.sh
[210507 01:34:29:556] MAIN_UPGRADE_SCRIPT_END
[210507 01:34:30:670]  Readiness check completed....
[210507 01:34:30:678] Attempting to remove upgrade lock
[210507 01:34:30:679] Success, removed upgrade lock
[210507 01:34:30:681]
[210507 01:34:30:682] #######################################################
[210507 01:34:30:683] # UPGRADE READINESS CHECK COMPLETE  status : PASS #
[210507 01:34:30:684] #######################################################
root@firepower:~#

If the readiness check failed:
 #######################################################
 UPGRADE READINESS CHECK COMPLETE  status : FAILED #
 #######################################################

#more main_upgrade_script.log | grep FAILED
[210506 03:05:38:483]   FAILED  000_start/107_version_check.sh
UPGRADE READINESS CHECK COMPLETE  status : FAILED #

Then check the corresponding log file under the directory 000_start.
#more 000_start/107_version_check.sh.log
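
The triage steps above as a script, added here as an example (it is not part of the original post or of Cisco's tooling): it reads main_upgrade_script.log, reports the final status, and lists the per-script log for each FAILED entry. The function names and the sample log content are constructed; the line format and the per-script log location follow the excerpts above.

```bash
#!/bin/bash
# Added example: triage a readiness-check log before starting the install.

# Print PASS or FAILED from the completion banner, or UNKNOWN when no
# banner is present (check still running, truncated or missing log).
readiness_status() {
    sed -n 's/.*UPGRADE READINESS CHECK COMPLETE  *status : \([A-Z]*\).*/\1/p' "$1" |
        tail -n 1 | grep . || echo UNKNOWN
}

# Print the per-script log path for every script marked FAILED. These logs
# sit beside main_upgrade_script.log, e.g. 000_start/107_version_check.sh.log
failed_script_logs() {
    awk -v d="$(dirname "$1")" \
        '$3 == "FAILED" && $4 ~ /\.(sh|pl)$/ { print d "/" $4 ".log" }' "$1"
}

# Return 0 only when the banner says PASS; otherwise say what to read next.
readiness_gate() {
    if [ "$(readiness_status "$1")" = "PASS" ]; then
        return 0
    fi
    echo "readiness status: $(readiness_status "$1")" >&2
    failed_script_logs "$1" >&2
    return 1
}

# Constructed sample log: the format matches the excerpts, the content is made up.
write_sample_log() {
    mkdir -p "$(dirname "$1")"
    cat > "$1" <<'EOF'
[210506 03:05:30:101] MAIN_UPGRADE_SCRIPT_START
[210506 03:05:31:220] BEGIN  000_start/000_check_platform_support.sh
[210506 03:05:38:483]   FAILED  000_start/107_version_check.sh
[210506 03:05:40:010] MAIN_UPGRADE_SCRIPT_END
[210506 03:05:41:002] #######################################################
[210506 03:05:41:003] # UPGRADE READINESS CHECK COMPLETE  status : FAILED #
[210506 03:05:41:004] #######################################################
EOF
}

demo_log="$(mktemp -d)/upgrade_readiness/main_upgrade_script.log"
write_sample_log "$demo_log"
readiness_gate "$demo_log" || echo "readiness not PASS: do not start the install yet"
```

On a device, point readiness_gate at the real main_upgrade_script.log under upgrade_readiness instead of the sample file.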

Install the update. The --detach keyword ensures that the install process does not stop if your user session times out or is otherwise closed during the process.
root@firepower:~#  install_update.pl --detach /var/sf/updates/Cisco_FTD_Patch-6.5.0.4-57.sh.REL.tar

ARGV[0] = --detach
ARGV[1] = /var/sf/updates/Cisco_FTD_Patch-6.5.0.4-57.sh.REL.tar
install_update.pl begins. bundle_filepath: /var/sf/updates/Cisco_FTD_Patch-6.5.0.4-57.sh.REL.tar
Skipping File System Integrity Check
root@firepower:~#

Upgrade status log:
# more /var/log/sf/Cisco_FTD_Patch-6.5.0.4/upgrade_status.log
TIMESTAMP:Fri May  7 01:41:13 UTC 2021 PERCENT:[44%]  MESSAGE:Running script 500_rpms/210_backup_gwt_files.sh...
TIMESTAMP:Fri May  7 01:41:13 UTC 2021 PERCENT:[45%]  MESSAGE:Running script 500_rpms/220_configure_mysql.pl...
TIMESTAMP:Fri May  7 01:41:13 UTC 2021 PERCENT:[45%]  MESSAGE:Running script 500_rpms/300_examine_vmware_tools.sh...
TIMESTAMP:Fri May  7 01:41:14 UTC 2021 PERCENT:[46%]  MESSAGE:Running script 500_rpms/500_install_files.sh...
root@firepower:Cisco_FTD_Patch-6.5.0.4#

When the upgrade is 100% complete:

Broadcast message from root@firepower (Fri May  7 01:46:26 2021):

The system is going down for reboot NOW!
