You must uninstall updates locally. You cannot use a Firepower Management Center to uninstall the update from a managed device.
To watch the uninstallation process, access the device through the shell and navigate to the /var/log/sf/<uninstaller file name folder> directory, then execute the tail -f main_upgrade_script.log shell command. Once the uninstallation process is complete, the system generates an upgrade completed message in the file main_upgrade_script.log.
Order of Uninstallation
Uninstall the update in the reverse order that you installed it. That is, first uninstall the update from managed devices, then from Firepower Management
Uninstall the Update from Clustered or High Availability Appliances
Clustered devices, devices in high availability pairs, and Firepower Management Centers in high availability pairs must run the same Firepower version. Although the uninstallation process triggers an automatic failover, appliances in mismatched pairs or clusters do not share configuration information, nor do they install or uninstall updates as part of their synchronization. If you need to uninstall an update from redundant appliances, plan to perform the uninstallations in immediate succession.
To ensure continuity of operations, uninstall the update from clustered devices and paired Firepower Management Centers one at a time. First, uninstall the update from the secondary appliance. Wait until the uninstallation process is complete, then immediately uninstall the update from the primary appliance.
If the uninstallation process on a clustered device, devices in a high availability pair, or a paired Firepower Management Center fails, do not restart the uninstall or change configurations on its peer. Instead, contact Cisco TAC.
Uninstall the Update from Stacked Devices
All devices in a stack must run the same Firepower version. Uninstalling the update from any of the stacked devices causes the devices in that stack to enter a limited, mixed-version state.
To minimize impact on your deployment, we recommend you uninstall an update from stacked devices simultaneously. The stack resumes normal operation when the uninstallation completes on all devices in the stack.
Uninstall the Update from Devices Deployed Inline
Managed devices do not perform traffic inspection, switching, routing, or related functions while the update is being uninstalled. Depending on how your devices are configured and deployed, the uninstallation process may also affect traffic flow and link state. See Pre-Update Configuration and Event Backups for more information.
After the Uninstall
After you uninstall the update, there are several steps you should take to ensure that your deployment is performing properly. These include verifying that the uninstall succeeded and that all appliances in your deployment are communicating successfully.
The next sections include detailed instructions not only on performing the uninstallation, but also on completing any post-update steps. Make sure you complete all of the listed tasks.