This document describes the processes with examples for reimaging a Cisco FireSIGHT Management Center (FMC) and FirePOWER appliances.
There are no specific requirements for this document.
The information in this document is based on the following hardware models and lists the software versions available for each model.
FireSIGHT Management Center
Software Versions Available for Reimage
Cisco FirePOWER 7000 Series
Cisco FirePOWER 7100 Series
Cisco FirePOWER 8100 Series Cisco FirePOWER 8200 Series
FS 750 FS 1500 FS 3500
5.2 or later
Firepower 8300 Series
Cisco AMP 7150 Cisco AMP 8150
5.3 or later
Caution: Do not insert a USB storage device or plug a Keyboard, Video, and Mouse (KVM) switch when you upgrade or reimage a FireSIGHT Management Center or a FirePOWER appliance.
Before You Begin
If you plan to reimage a Management Center or stand-alone Firepower device, it is recommended to back up your appliance before you proceed.
Identify the model of your sensor and use the list of models in the Components Used section in order to verify that this guide is appropriate.
Download the appropriate installation guide and disk image for your desired software version from the Cisco Support site.
Note: Do not rename an .iso file.
Serve the image: The .iso file should be copied to a host that runs an SSH server reachable from the management network of the appliance to be reimaged.
Note: If no other SSH server is available, an FMC can be used for this process.
Verify the integrity of the iso: The md5sum of the files are provided on the right-hand side of the page for verification with an md5sum utility.
The installation guides contain step-by-step reimage instructions and also outlines several methods for performing the reimage. Follow the steps in the guide in order to complete the reimage. The screenshots provided in this document can be used for reference.
Overview of the Reimage Process
Note: The 5.3 version was used to capture the screenshots in this article. The reimage process is identical for other 5.x versions except for the version numbers that appear in the screenshots.
Figure 2 - When the system reboots, press an arrow key on the keyboard in order to halt the countdown to choose the System_Restore option for the screen depicted next.
Figure 4 - Choose option 0 if you use a keyboard and monitor.
Figure 7 - In order to select the network device, press the spacebar.
Figure 15 - Cisco Support recommends that you use the Secure Copy (SCP) protocol.
Figure 16 - It is possible to use a FireSIGHT Management Center as the SCP server for this step. Follow the steps in , and use the IP address and credentials for the Management Center in order to populate the fields in the System Restore menu.
Note: If you receive a connectivity error at this point instead of the expected message, verify your connection to the SSH server.
Figure 20 - In order to select the .iso image, press the spacebar.
Note: It is required to use the default filenames for the .iso files or the files might not be detected at this step.
Figure 22 - Cisco Support recommends to skip step 3 in this process. Patches and Snort Rule Updates (SRUs) can be installed after the reimage is complete.
Important note in regards to a reimage from a different major software version: If you attempt to reimage a device that previously ran a different major software version, such as if you reimage 5.1 > 5.2, 5.2 > 5.3, 5.3 > 5.2, and so on, you must complete the steps depicted in Figures 1 - 26 twice.
After you choose OK on the prompt shown in Figure 26, the System Restore partition is flashed to the new version and the appliance reboots.
After the reboot, you must begin the reimage process again from the start and continue through the process depicted in Figures 27b through 31.
If this is the first reimage from a different major software version, you will see the screen depicted in Figure 27a, followed by Figures 31 and 32.
Caution: If you see this screen, there might be a delay with no visible output after "Checking Hardware" and before "The USB device...". Do not press any keys at this time, or the device will reboot into an unusable state and will need to be reimaged once more.
If this is not the case, you will see the screens in Figure 27b through Figure 32.
Cisco Firepower Management Center 1000, 2500, and 4500
On FMC 1000, 2500, and 4500 the options are different. Use a KVM switch or the CIMC and while the device is booting you will be presented with the following options:
1 - Cisco Firepower Management Console VGA Mode
2 - Cisco Firepower Management Console Serial
3 - Cisco Firepower Management Console System Restore Mode
If you want to enter the Restore Mode using UI select the option 'Cisco Firepower Management Console System Restor Mode' (option 3) and then 'Cisco Firepower Management Console System Restore VGA Mode' (option 1):
The rest of the process is the same as on other FMC appliances.
System_Restore LILO Menu Option is Not Listed
The FireSIGHT Management Center and the FirePOWER 7000 and 8000 series appliances have an integrated flash drive which contains the reimage system. If the "System_Restore" option is not listed in the LILO (Linux Loader) boot menu, it is still possible to access this drive in order to complete the reimage.
7010, 7020, and 7030 Devices
If you use a 70XX Series device, complete these steps in order to select the boot device:
Power off the appliance gracefully.
Power on the appliance and press the Delete key repeatedly while the appliance boots up in order to access the boot device selection screen. See the screenshots shown here:
Use the right arrow key in order to select the Save & Exit tab. On this tab use the down arrow key in order to select SATA SM: InnoDisk. - InnoLite and press the Enter key.
Choose option 0 if you use a keyboard and monitor.
7110 and 7120 Devices
If you use a 71XX Series device, complete these steps in order to select the boot device:
Power off the appliance gracefully.
Power on the appliance and press the F11 key repeatedly while the appliance boots up in order to access the boot device selection screen. See the screenshot shown here:
Select option HDD:P1-SATADOM and press Enter in order to boot to the System_Restore partition.
8000 Series Devices or Management Center Models FS750, FS1500 or FS3500
If you use a 8000 Series device or Management Center model FS750, FS1500, or FS3500, complete these steps in order to select the boot device:
Power off the appliance gracefully.
Power on the appliance and press the F6 key repeatedly while the appliance boots up in order to access the boot device selection screen. See the screenshot shown here:
Select the USB option.
The appliance boots from the System_Restore partition and displays the System_Restore menu.
System restore for models FMC1000, FMC2500, FMC4500 (M4-Based FMCs)
The prompt to select system restore will appear differently for these models: FMC1000, FMC2500, FMC4500
During boot, you will see this screen for 5 seconds:
Select the System Restore option (#3 in this case).
Select the display method for the system restore (#1 for VGA in this case)
You will then arrive at the prompt seen in figure 5, and the process will continue as normal.
Boot Option Not Listed
It is possible that the option to boot to the reimage partition is not listed in the BIOS or the boot menu. If this is the case, the drive that contains the reimage system might be missing or damaged. An RMA is probably necessary.