Cisco: Security - Firepower 4100 FXOS & Firmware Update

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Applause] hi guys welcome to Cisco Nate take gander at this video if it's your first time if you like the content or find it worthwhile like comment subscribe everything you do helps me raise the visibility of this channel alright so today's topic is going to be upgrading and installing the firmware for a fire power 4100 and the FX OS for a fire power 4100 now this typically comes as a result of trying to figure out what FTD fire power threat defense firewall you want to run and then working it back to FX OS and one more step back to the former so don't get worried about it I'm gonna show you everything here about which documents you should pull up compatibility matrix how to work everything together it's going to be easy you'll see here in just one second alright the requirements for this video are going to be pretty simple number one you need a CCO ID if you don't know what that is or you don't you know what it is and you don't have one stop now go talk to your PSS your CSS because you will need that to download the proper software unless you have it issued to you specifically by a Cisco TSA alright along with your CCO ID you need to make sure that it is associated with the contract and that that contract has the entitlements for the software essentially if you haven't bought the product from Cisco those entitlements are not made available for you to download the software so verify those things before we start work on this video alright the second thing you'll need is you'll need a fire power 4100 now this video works for the 4100 and the 9300 but there are some slight nuances to how you go about the process if you're doing a 9300 i'll show you where the guides are you'll be able to fork off of this video to do the same thing for a 9300 the last thing you need is internet connectivity and if you're watching this video then you've already satisfied that so let's get to it see you guys in a second alright guys so we're getting started here I'm going to do the same thing I almost always do and that is first things first let's go get that software so head over to software at Cisco comm this is where you'll need your CCO ID associated with contracts and this contracts need to have entitlements so you're gonna have to log in here I'm specifically going to have to go my duo two-factor authentication which is very nice so just click a button on my phone I'm in alright now if this is your first time you won't have these pop-ups here so I'm going to show you just like you would you come down here it's like fire power 41 now you type 40 100 or 40 110 I'm gonna say 40 100 and go ahead and click on this option here and then I will follow the breadcrumbs down to my specific model so in my case mine's a 40 110 now I've already done some of the research to figure out which FX OS and which firmware I am going to need for this so I'm gonna pause here and now take you guys to go find those documents so you can do that homework yourself if you need to after you find the documents pause the video figure out which ones you need and then come back to and unpause the video so the first thing we're going to need is you want to start with you've got an FTD version you want to run and you now need to figure out what FX OS you need to run so you're gonna write a search for an FX os compatibility and I typically just throw Cisco on there to make sure it's the top one that comes up so you can see the top here here for a Cisco fire power 4190 300f X OS compatibility that is what you want so open that up and what you want to do is look at these matrices they provide you here and this is for hardware and software compatibility first so if you got a 40 110 you know that 1 FX OS 1 1 1 is not compatible so obviously you don't want to grab that but 41 10 I'm gonna go to the latest version which is 2.8 dot 1 and it is supported so follow the columns follow the rows that is supported next thing you need to do is this is where I say you work backwards right you figure out that hey I know 6 6 is the latest but that's not our jam we have 6 4 Oh approved that's what we're gonna stick with and these bolded numbers here which if you read this it'll tell you this are that versions that are officially supported and extensively tested with this firmware so or this FX OS so if you know 6 4 is the code you want to run you can run this to 7 however this where it's bolded is the version that was tested extensively to ensure that 6 or Oh ran flawlessly or s flawlessly as can be all right so we figured out the FTD version worked our way back to the FX OS version now we need to figure out how to get here from where we currently are not all of us are on the directly previous release you may be all the way back on to one you might be picking the SML this up from another engineer you never know right so we're gonna go back to our search page here and I'm going to search for Cisco FX OS release notes and you want to find the release notes for the version of code you're going to now the top one here is two seven I am going to eight and I could have just appended that here but I wanted to show you the easy way to find the information you need so I'm going to go ahead and open this in another tab here and we're gonna scroll down and partway through this it's gonna tell you from what versions you can upgrade to this version right so under the upgrade instructions it says you can upgrade your device from our to FX 2 OS 2.8 if it is currently running FX OS 2.01 or later now I'm in luck mine is so it's a one-stop shop for me if you were not then you would upgrade your firmware and then upgrade your FX OS to the stepping-stone version and then upgrade the FX so again to get where you currently are now you read here this is a lot of good information this is why I always recommend opening these that it could take up to 45 minutes to upgrade the code to 2.8 version 1 so the last thing I'm going to do is search here for FX OS firmware upgrade and that's going to pull up the firmware upgrade documentation I was talking about so again firmware is the drivers FX OS is the OS the firepower threat defense firewall is the app and that's actually how its kind of described if you've ever gone through FX OS so you scroll down here and you see one point 0.18 is the latest version it's great to look at this matrix here because the descriptions tell you why some of these were released such as if you want to use the secure unlock feature you need to be at 100 12 or later and then if you're using certain module to 400 gig Network module you need 1.0 point 16 so and some of these resolve piece arts which are actually quite important so anyways I'm going to 1.0 point 18 and my FX OS version is 2.8 so now I've got my upgrade path I know I'm close enough that I don't have to do a stepping-stone upgrade we're gonna go ahead and start downloading the software so to find the firmware and the FX OS once you're at the 4110 appliance if that's your version of 40 120 93 whatever you have click on firepower extensible operating system and then click on the version that best suits you in my case say I'm gonna do 2 dot 8.1 the image you need for the upgrade if this is not a corrupt version you're just doing a normal upgrade is the FX OS image for firepower you want to go ahead and click download and then accept the license let that start and we're gonna move down to here where it says firmware I'm gonna blow this out and download 1.0 point 18 again it's just another file to download now you have two options while this is downloading real quick you have two options to get the software on the firewall one is via CLI and using FTP and the other is via GUI and HTTP now it is really nice whenever you can avoid having to set up maintain and use an FTP server and I granted we almost always have these but when you're running around with a laptop consoling in or hooking into these devices it's not always that simple luckily enough on the fire power 4100 series you can upload this offer through the GUI that doesn't mean you're scot-free and not going to be using the CLI because you have to use the CLI to perform the firmware upgrade but you can get the software onto the device and then login to the CLI and execute the upgrade without having to set up or use an FTP server ok so this is my home computer here which is IPSec tunneled into my lab I've actually already downloaded this software once on my lab machine so I'm going to go ahead and transition over to that box now and that is through an RDP session so here I am in my lab box and I'm just going to verify that my files were indeed downloaded and ants are still here so I'm going to look for my fxo sk 9 2 8 1 1 dot 105 spa file it is here my fxo sk 9 FP r 4k firmware 1 0 18 spa file and they are both here so this is great we're in good shape I'm going to go ahead and open my browser we're gonna head to the firepower chassis manager this is the IP that was put on the box for fabric interconnect a so my case it's 102 1 6 8 2 2 2.10 so once this loads up here I'm going to log in and we're gonna start this process so the first thing you want to do is head over to system at the top right oh and you know what my browser's not the right size on this one let me go and change those defaults so I never have to touch this again this is to make it easier for those of you that are viewing this on laptops or other devices that are smaller so that's my default zoom is now set that will force it to reload this page make sure it is taken effect now you can see my current version of FX OS is 2.7 198 you can't see the firmware here but that's viewable inside the box when we see a lion so first thing I'm going to do is go to system and updates and this is how we can get the software on the box via the web GUI and not have to set up an FTP server a word of note or caution when you upload the firmware software it will immediately tell you whether it's successful here with the pop-up toast but it will not show up and will never show up in the available updates they've kind of shimmed this in here so it allows you to upload the file and you can see here it'll say successful in a second but it will never show up here so for many people will look like didn't work because you're typically uploaded and then you see here it says successful hit okay I'm never gonna see you here everything's still good alright when hit upload again and now I'm gonna choose the actual FX OS upgrade file I'm going to upload it it is perfectly fine to upload it now because that does not immediately install it now from here we are then going to move back into CLI on the box so I'm gonna let this go ahead and finish I don't need to worry about that for right now and I'm going to CLI into that box through my management interface that I've hooked up through a terminal server now you guys connect however you what I'm going in through a terminal server all right the first thing you want to do is head to the scope firmware and then show package so that you can see what is here now we see my firmware was successfully uploaded you see that the 2.8 is not quite finished uploading and that's fine it's not a problem we can just keep doing show package and eventually it will show up and we want to make sure that that finishes before we start the firmware update so we're just gonna hang out here and keep updating should finish relatively soon if you're actually really interested you can do show download tasks or something like that let me see if it's here I might have to check it a different way oh there you go two eight it's still downloading so now that we know it's it's still working on it it's not a problem just give it some time so I'm gonna go ahead and pan out and we'll come back once that is done and continue alright so it should be just about done downloading oh nothing popped up that means that download task is done that's why I show down that test doesn't show anything so now do you show package again just to verify everything is there and indeed we see FX OS canine 2.81 105 dot spa so that's great now if you want to see what the GUI looks like there should be a little piece of toast that says yep successful you uploaded so I'll click okay well go ahead and cleave this open for now and then we'll head back to the CLI so now I want to move from scope firmware to scope firmware install and then I want to type install package nope nope oh by the way on this you need to take note of the version number because that is what you need to install a package so I want to update the firmware first one 0.18 and at this point I want to say install firmware pack version and this is where you need that number one dot ODT it's going to ask you if you're sure that's what you want to do it's going to verify an install do you want to proceed yes now this install yes we want to proceed this install in particular for this firmware is a very hefty rewrite of a lot of code the FPGA is in every module FPGA is the ramens there is a lot of stuff it needs to go through an update here so this is going to take a long time with that in mind I'm going to ahead and pan away again and we'll come back once this is done all right so we're back and after about 6 or so different firmware upgrades if you scroll back here you can see these pipe bars that's every time I was upgrading another different version of firmware somewhere it finally finished now you may notice some errors that pop up this one says smart licensing is now failing bla bla bla a lot of these are just transient errors as it runs health checks before the system has actually started it detects hey that thing's not working well yeah because it's not up and running so give it a minute give it like 15 minutes make sure your login prompt is up which ours is now I should be able to now transition back to my web browser and we're go ahead and go back to the home page and login again because this device has already rebooted and it upgraded the firmware that does not mean FX OS that is the the firmware that has been upgraded so we're gonna log in again and then we're going to complete the FX OS portion of this upgrade so we figured out the FTD version we wanted figured out that meant we needed FX version X in this case 2.8 and then because of FX OS version 2.8 we found out we needed to update to the firmware so we've done the firmware update and we are now at the FX OS update that has to complete so once we're at this page I'm gonna go ahead and move over here to system updates and the 9 to 8 that I uploaded before is now here we can see it's visible it says not installed the update is as simple as literally clicking upgrade now it's going to tell you this is going to take a while and indeed it should take they said up to about 45 minutes so we'll go ahead and start the update process hey yes to proceed and you will no longer get any real updates on this screen that tell you about what percentage it is and how close it is to done if you really want to track that we can go back to CLI but 99% of the cases it's not really needed it's not worth it I'm just gonna go ahead and pan away and I'll come back when it's done and show you what it looks like alright so that was a long upgrade admittedly it looks like it finally completed it logged me out I'm back at the login screen so let's log in here and see where we are what version we have installed just verify everything's working properly oh that looks good so this upgrade didn't heed take a very long time but if you look right here you can see we're at version two point eight one 105 that is our FX OS version that is good and the critical art we saw earlier is now cleared it's a zero one one is how many there were the older before it cleared now we're down to zero so this is perfect alright that's it guys I hope you have a good one hope your upgrades are successful
Info
Channel: Nathan Stapp
Views: 5,131
Rating: undefined out of 5
Keywords: cisco, cisconate, security, firepower, 4100, fxos, upgrade, update
Id: CTxh1w1mgig
Channel Id: undefined
Length: 17min 47sec (1067 seconds)
Published: Tue May 19 2020
Related Videos
Firepower Management Center - FMC 101
Cisco
104K
Cisco Firepower 2100 ASA upgrade procedure
Network Base
2.8K
FTD FirePower Direct Upgrade in HA
H3X4FORUM IN
3.2K
FTD Traffic Troubleshooting Using Packet Tracer and Capture - 1
Ayo Kush
388
Special Lecture: F-22 Flight Controls
MIT OpenCourseWare
2.2M
you need to learn Ansible RIGHT NOW!! (Linux Automation)
NetworkChuck
439K
Cisco Firepower Management Center Upgrade v6.4 to v6.7 | vFMC Upgrade | Steps to Upgrade Cisco FMC
SecGuru
4.5K
$250 Slab To $7700 Table
Blacktail Studio
3.6M
I Built This From A 1972 Popular Mechanics Magazine Plan. Does It Work?
Fireball Tool
2.2M
Cisco FTD Basic Configuration, v6.7 using Firepower Device Management(FDM)
IT Solutions Network
1.4K
AnyConnect VPN on FTD with DUO MFA and ISE Posture Validation
CCIE NextWave
3.7K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.