Upgrade Preparations for FMC-Managed FTDs

Issue

The main issue addressed is the workflow and technical requirements for performing an upgrade on Cisco Firepower Threat Defense (FTD) devices managed by a Cisco Firepower Management Center (FMC). This article details the preparatory steps, best practices, and considerations to ensure a successful FTD upgrade operation.

Environment

• Technology: Cisco Secure Firewall Firepower

• Subtechnology: Firepower Threat Defense (FTD) - Software Update

• Cisco Firepower Threat Defense (FTD) Managed by Firepower Management Center (FMC)

Resolution

Planning

• Identify current versions, device models, and deployment configurations such as high availability or scalability.

• Determine the correct upgrade path for your FMC and managed devices. The FMC must run the same or newer version than the managed devices. Review upgrade paths for FMC, FTD, and FXOS if applicable.

  • Install and Upgrade Guides

• Read critical and release-specific upgrade notes, including new and deprecated features, bugs, and upgrade warnings.

  • Firepower Release Notes

• Ensure you can access the management interfaces of both FMC and managed devices without traversing the devices themselves (ie: direct/remote console access).

• Confirm sufficient bandwidth for transferring upgrade packages, preferably uploading packages ahead of time to avoid timeouts.

• Plan upgrades during low-impact times, considering traffic flow and inspection effects as well as effects on adjacent systems. For Firepower upgrades, at least 1 hour must be allotted for the upgrade of any one device. Another hour must be added to the total window time for any sudden troubleshooting required.

Backups

• Perform backups of FMC, FTD devices, and FXOS (if applicable) before starting the upgrade. This ensures that configurations can be restored in the event of an upgrade failure or unexpected issue. To back up FMC configuration: Navigate to System > Tools: Backup/Restore in the FMC UI and click the Firewall Management Backup button. It is best practice to export these backups to an external storage system and to have multiple copies available.

  • Backing up FMC and FTD

Upgrade Packages

• Download the appropriate upgrade packages from Cisco for your specific platform. Be aware that some products reaching EOS/EOL in some cases do not have high versions available for download.

• Upload the upgrade packages to the FMC and managed devices as needed to stage them for install.

  • Upgrade Procedure through FMC for Firepower Devices

Readiness Checks

• Use the FMC upgrade wizard or System Updates page to run readiness checks prior to upgrading.

• These scripts allow early identification of any upgrade-preventing issues.

• Resolve any issues that cause readiness checks to fail before proceeding.

Additional Recommendations

• Avoid deploying configuration changes during upgrade to prevent system instability.

• If upgrade fails or device becomes unresponsive, contact Cisco TAC.

• Review Cisco documentation for detailed upgrade paths, compatibility, and troubleshooting.

Cause

None. This is a standard upgrade preparation workflow for Cisco FTD managed by FMC.

Related Content

• Cisco Technical Support & Downloads

• Upgrade FTD HA Managed by FMC

• Troubleshoot Firepower File Generation Procedures

• Release Notes