This document describes a specific upgrade failure scenario seen on Firepower Threat Defense (FTD) when the upgrade procedure is not properly followed. It also covers the proposed solution.
An attempt to perform an upgrade results in the "Update Install failed" error.
In the FTD Troubleshoot file, there is a file named status.log that contains the transcript of the upgrade. It is found under this path ('x' characters will vary):
results-xx-xx-xxxx--xxxxxx\dir-archives\var-log\sf\Cisco_FTD_SSP_Upgrade-6.x.x
Additionally, a file named 006_check_snort.sh.log further describes the reason for the failure. It is found under this path:
results-xx-xx-xxxx--xxxxxx\dir-archives\var-log\sf\Cisco_FTD_SSP_Upgrade-6.x.x\200_pre
In this case, the file contains these messages:
Snort build is too old.
Please apply AC Policy from FMC before attempting upgrade.
There are a few reasons why this error can occur:
Your Firepower Management Center was updated; however, the sensor which attempts to upgrade has not had a new policy deployment pushed out towards it.
Your Firepower Management Center has updated its Snort Rule Update (SRU); however, the sensor which attempts to upgrade has not had a new policy deployment pushed out towards it.
In either situation the resolution is the same.
Once you have verified that the device encounters this issue, simply deploy a policy to the affected device in order to resolve the error. From Firepower Management Center, check the box next to the device to be upgraded and click Deploy.
Once this is performed, proceed with your upgrade.
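To confirm that a device is hitting this specific pre-upgrade check before redeploying, the log lookup described above can be scripted. This is an added example, not Cisco tooling: the function names and result labels are hypothetical, and it assumes the troubleshoot file was extracted on a POSIX host (so the path uses '/') and that the sample bundle it builds is constructed for illustration.

```shell
#!/bin/sh
# Added example: triage an extracted FTD troubleshoot bundle for the
# "Snort build is too old" pre-upgrade failure. Names are hypothetical.

# check_snort_precheck BUNDLE_DIR  (BUNDLE_DIR = extracted results-... folder)
# Prints exactly one label:
#   STALE_POLICY  006_check_snort.sh.log contains the "too old" message
#   OTHER         the log exists but does not contain that message
#   NO_LOG        no 006_check_snort.sh.log under the expected path
check_snort_precheck() {
    bundle=$1
    found=0
    # The upgrade directory name carries the version, so match it with a glob.
    for log in "$bundle"/dir-archives/var-log/sf/Cisco_FTD_SSP_Upgrade-*/200_pre/006_check_snort.sh.log; do
        [ -f "$log" ] || continue   # an unmatched glob stays literal; skip it
        found=1
        if grep -q 'Snort build is too old' "$log"; then
            echo STALE_POLICY
            return 0
        fi
    done
    if [ "$found" -eq 1 ]; then echo OTHER; else echo NO_LOG; fi
}

# Build a constructed sample bundle containing the two messages from this page.
make_sample_bundle() {
    d="$1/dir-archives/var-log/sf/Cisco_FTD_SSP_Upgrade-6.x.x/200_pre"
    mkdir -p "$d"
    printf '%s\n' \
        'Snort build is too old.' \
        'Please apply AC Policy from FMC before attempting upgrade.' \
        > "$d/006_check_snort.sh.log"
}

# Demo run against the constructed bundle.
demo_dir=$(mktemp -d)
make_sample_bundle "$demo_dir/results-constructed"
check_snort_precheck "$demo_dir/results-constructed"
rm -rf "$demo_dir"
```

A result of STALE_POLICY means the fix in this document applies; OTHER or NO_LOG means the upgrade failed for a different reason and status.log should be reviewed instead.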