FDM-Managed Device Upgrade Prerequisites

Security Cloud Control provides a wizard that helps you upgrade the Firewall device manager (FDM) images installed on an individual device or an HA pair.

The wizard guides you through the process of choosing compatible images, installs them, and reboots the device to complete the upgrade. We secure the upgrade process by validating that the images you chose on Security Cloud Control are the ones copied to, and installed on, your FDM-managed device. We strongly recommend the FDM-managed devices you are upgrading have outbound access to the internet.

If your FDM-managed device does not have outbound access to the internet, you can download the image you want from Cisco.com, store them in your own repository, provide the upgrade wizard with a custom URL to those images, and Security Cloud Control performs upgrades using those images. In this case, however, you determine what images you want to upgrade to. Security Cloud Control does not perform the image integrity check or disk-space check.

Configuration Prerequisites

  • DNS needs to be enabled on the FDM-managed device. See the "Configuring DNS" section of the System Administration chapter of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for the version your device is running for more information.

  • The FDM-managed device should be able to reach the internet if you use upgrade images from Security Cloud Control's image repository.

  • The FDM-managed device has been successfully onboarded to Security Cloud Control.

  • The FDM-managed device is reachable.

  • The FDM-managed device is synced.

    • If you update a device that has pending changes in Security Cloud Control and you do not accept changes, pending changes are lost after the upgrade completes. Best practice is to deploy any pending changes before you upgrade..

    • If you have staged changes in firewall device manager and the device is not synced, the upgrade in Security Cloud Control will fail at an eligibility check.

4100 and 9300 Series Running FTD

Security Cloud Control does not support the upgrade for the 4100 or 9300 series devices. You must upgrade these devices outside of Security Cloud Control.

Software and Hardware Requirements

Security Cloud Control is a cloud management platform. Software updates are released over time and are generally not dependent on hardware. See Software and Hardware Supported by Security Cloud Control for information about supported hardware types.

Devices running firewall device manager software have a recommended upgrade path for optimal performance. See Firepower Software Upgrade Path for more information.

Upgrade Notes

You cannot deploy changes to a device while it is upgrading.