Cisco Firepower 4100/9300 FXOS Release Notes, 2.2(1)
Available Languages
Table of Contents
Cisco Firepower 4100/9300 FXOS Release Notes, 2.2(1)
Upgrading a Firepower Security Appliance with No Logical Devices Configured
Upgrading Firepower Security Appliances with ASA Logical Devices in a Failover Configuration
Upgrading Firepower Security Appliances Configured as an ASA Inter-Chassis Cluster
Resolved Bugs in FXOS 2.2.1.70
Resolved Bugs in FXOS 2.2.1.66
Resolved Bugs in FXOS 2.2.1.63
Communications, Services, and Additional Information
Cisco Firepower 4100/9300 FXOS Release Notes, 2.2(1)
First Published: May 15, 2017
Last Revised: June 3, 2019
This document contains release information for Cisco Firepower eXtensible Operating System 2.2(1).
Use this release note as a supplement with the other documents listed in the documentation roadmap:
http://www.cisco.com/go/firepower9300-docs
http://www.cisco.com/go/firepower4100-docs
Note: The online versions of the user documentation are occasionally updated after the initial release. As a result, the information contained in the documentation on Cisco.com supersedes any information contained in the context-sensitive help included with the product.
This document contains the following sections:
–
New Features in FXOS 2.2.1.70
–New Features in FXOS 2.2.1.66
–New Features in FXOS 2.2.1.63
–Upgrading a Firepower Security Appliance with No Logical Devices Configured
–Upgrading a Firepower Security Appliance Running Standalone Firepower Threat Defense Logical Devices or a Firepower Threat Defense Intra-Chassis Cluster
–Upgrading Firepower Security Appliances with Firepower Threat Defense Logical Devices in a Failover Configuration
–Upgrading Firepower Security Appliances Configured as a Firepower Threat Defense Inter-Chassis Cluster
–Upgrading a Firepower Security Appliance Running Standalone ASA Logical Devices or an ASA Intra-Chassis Cluster
–Upgrading Firepower Security Appliances with ASA Logical Devices in a Failover Configuration
–Upgrading Firepower Security Appliances Configured as an ASA Inter-Chassis Cluster
–Resolved Bugs in FXOS 2.2.1.70
–Resolved Bugs in FXOS 2.2.1.66
–Resolved Bugs in FXOS 2.2.1.63
Introduction
The Cisco Firepower security appliance is a next-generation platform for network and content security solutions. The Firepower security appliance is part of the Cisco Application Centric Infrastructure (ACI) Security Solution and provides an agile, open, secure platform that is built for scalability, consistent control, and simplified management.
The Firepower security appliance provides the following features:
■Modular chassis-based security system—Provides high performance, flexible input/output configurations, and scalability.
■Firepower Chassis Manager—Graphical user interface provides a streamlined, visual representation of the current chassis status and allows for simplified configuration of chassis features.
■FXOS CLI—Provides command-based interface for configuring features, monitoring chassis status, and accessing advanced troubleshooting features.
■FXOS REST API—Allows users to programmatically configure and manage their chassis.
What’s New
New Features in FXOS 2.2.1.70
Cisco Firepower eXtensible Operating System 2.2.1.70 introduces the following new features in addition to the features included in earlier releases:
■Fixes for various problems (see Resolved Bugs in FXOS 2.2.1.70).
New Features in FXOS 2.2.1.66
Cisco Firepower eXtensible Operating System 2.2.1.66 introduces the following new features in addition to the features included in earlier releases:
■Adds additional support for verifying security module adapters and provides CLI commands for viewing and updating the boot image for the adapter.
Note: After installing FXOS 2.2.1.66, you might receive a critical fault asking you to update the firmware for your security module adapters. For instructions, see Adapter Bootloader Upgrade.
■Fixes for various problems (see Resolved Bugs in FXOS 2.2.1.66).
New Features in FXOS 2.2.1.63
Cisco Firepower eXtensible Operating System 2.2.1.63 introduces the following new features:
■Adds the ability to upgrade the firmware on Network Modules installed in the Firepower chassis.
■You can now examine the maximum failed login attempts lockout status of a user and clear the user’s locked out state.
■Provides a new CLI command that consolidates output of different environmental monitoring variables for Firepower security appliances.
■Adds the ability to separately configure the absolute session timeout and idle session timeout for serial console sessions. This allows for disabling the serial console absolute session timeout for debugging needs while maintaining the timeout for other forms of access.
■Secure Unlock, also called Cisco Interactive Debug, is a new serviceability feature that implements a secure way of accessing a Linux prompt on the Supervisor Module on Firepower 9300 and Firepower 4100 Series security appliances.
Note: Before you can use the Secure Unlock feature, the security appliance must have Firmware package 1.0.12 or later installed. For instructions on how to verify your firmware package version and to upgrade the firmware if necessary, see the “Firmware Upgrade” topic in the Cisco FXOS CLI Configuration Guide, 2.2(1) or Cisco FXOS Firepower Chassis Manager Configuration Guide, 2.2(1) (http://www.cisco.com/go/firepower9300-config).
■Support for Certificate Revocation List (CRL) checks for HTTPS connections.
■The Flow Offload feature has been improved to support offloading of up to 4 million uni-directional flows or 2 million bi-directional flows per security module.
■Fixes for various problems (see Resolved Bugs in FXOS 2.2.1.63).
Software Download
You can download software images for FXOS and supported applications from one of the following URLs:
■Firepower 9300 — https://software.cisco.com/download/type.html?mdfid=286287252
■Firepower 4100 — https://software.cisco.com/download/navigator.html?mdfid=286305164
For information about the applications that are supported on a specific version or FXOS, refer to the Cisco FXOS Compatibility guide at this URL:
http://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/compatibility/fxos-compatibility.html
Important Notes
■When you configure Radware DefensePro (vDP) in a service chain on a currently running Firepower Threat Defense application on a Firepower 4110 or 4120 device, the installation fails with a fault alarm. As a workaround, stop the Firepower Threat Defense application instance before installing the Radware DefensePro application. Note that this issue and workaround apply to all supported releases of Radware DefensePro service chaining with Firepower Threat Defense on Firepower 4110 and 4120 devices.
■Firmware Upgrade—We recommend upgrading your Firepower 4100/9300 security appliance with the latest firmware. For information about how to install a firmware update and the fixes included in each update, see https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/firmware-upgrade/fxos-firmware-upgrade.html.
■Beginning with FXOS 1.1(3), the behavior for port-channels was changed. In FXOS 1.1(3) and later releases, when a port-channel is created, it is now configured as lacp cluster-detach by default and its status will show as down even if the physical link is up. The port-channel will be brought out of cluster-detach mode in the following situations:
–The port-channel's port-type is set to either cluster or mgmt
–The port-channel is added as a data port for a logical device that is part of a cluster and at least one security module has joined the cluster
If the port-channel is removed from the logical device or the logical device is deleted, the port-channel will revert to cluster-detach mode.
Adapter Bootloader Upgrade
FXOS 2.2.1.66 and later adds additional testing to verify the security module adapters on your security appliance. After installing FXOS 2.2.1.66 or later, you might receive the following critical fault on your security appliance indicating that you should update the firmware for your security module adapter:
Critical F1715 2017-05-11T11:43:33.121 339561 Adapter 1 on Security Module 1 requires a critical firmware upgrade. Please see Adapter Bootloader Upgrade instructions in the FXOS Release Notes posted with this release.
If you receive the above message, use the following procedure to update the boot image for your adapter:
1. Connect to the FXOS CLI on your Firepower security appliance. For instructions, see the “Accessing the FXOS CLI” topic in the Cisco FXOS CLI Configuration Guide or the Cisco FXOS Firepower Chassis Manager Configuration Guide (see Related Documentation).
2. Enter the adapter mode for the adapter whose boot image you are updating:
3. Use the show image command to view the available adapter images and to verify that fxos-m83-8p40-cruzboot.4.0.1.62.bin is available to be installed:
--------------------------------------------- -------------------- -------
fxos-m83-8p40-cruzboot.4.0.1.62.bin Adapter Boot 4.0(1.62)
fxos-m83-8p40-vic.4.0.1.51.gbin Adapter 4.0(1.51)
4. Use the update boot-loader command to update the adapter boot image to version 4.0.1.62:
5. Use the show boot-update status command to monitor the update status:
6. Use the show version detail command to verify that the update was successful:
Note: Your show version detail output might differ from the following example. However, please verify that Bootloader-Update-Status is “Ready” and that Bootloader-Vers is 4.0(1.62).
System Requirements
You can access the Firepower Chassis Manager using the following browsers:
■Mozilla Firefox – Version 42 and later
■Google Chrome – Version 47 and later
■Microsoft Internet Explorer – Version 11 and later
Testing on FXOS 2.2(1) was performed using Mozilla Firefox version 42, Google Chrome version 47, and Internet Explorer version 11. We anticipate that future versions of these browsers will also work. However, if you experience any browser-related issues, we suggest you revert to one of the tested versions.
Upgrade Instructions
Use the following tables for guidance on the upgrade path required to move from older releases to this release. For instructions on upgrading to a specific release, see the release notes document for that release:
http://www.cisco.com/c/en/us/support/security/firepower-9000-series/products-release-notes-list.html
Refer to the FXOS Compatibility guide for release version compatibility information. Use older compatible versions of the application only in the context of upgrades. Note that for upgrade-compatible versions, you may be prompted that the application version is not compatible with the new FXOS version; in this case, indicate Yes to continue with the upgrade. You are expected to upgrade the application version as soon as possible.
Note: If you are running a version of FXOS earlier than FXOS 1.1(4), see the Cisco FXOS Release Notes, 1.1(4) for information on how to upgrade your system to FXOS 1.1(4).
|
||||||
|
||||||
|
|
|||||
|
|
|
||||
|
||||||
|
||||||
|
|
|||||
|
|
|
||||
■The upgrade process typically takes between 20 and 30 minutes.
If you are upgrading a Firepower 9300 or Firepower 4100 Series security appliance that is running a standalone logical device or if you are upgrading a Firepower 9300 security appliance that is running an intra-chassis cluster, traffic will not traverse through the device while it is upgrading.
If you are upgrading Firepower 9300 or a Firepower 4100 Series security appliance that is part of an inter-chassis cluster, traffic will not traverse through the device being upgraded while it is upgrading. However, the other devices in the cluster will continue to pass traffic.
■When upgrading the FXOS platform bundle software and application CSP images at the same time, do not upload the application CSP images to your security appliance until after you upgrade the FXOS platform bundle software.
Refer to the upgrade instructions that apply for your device configuration:
Upgrading a Firepower Security Appliance with No Logical Devices Configured
If your Firepower security appliance is not yet configured with any logical devices, perform the following steps to update your system to 2.2(1):
1. Download the FXOS 2.2(1) image to your local machine (see Software Download).
2. Upload the FXOS 2.2(1) Platform Bundle image to your Firepower security appliance. For instructions, see the “Uploading an Image to the Firepower appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
3. Upgrade your Firepower security appliance using the FXOS 2.2(1) Platform Bundle image. For instructions, see the “Upgrading the Firepower eXtensible Operating System Platform Bundle” topic in the Cisco Firepower Chassis Manager Configuration Guide.
Upgrading a Firepower Security Appliance Running Standalone Firepower Threat Defense Logical Devices or a Firepower Threat Defense Intra-Chassis Cluster
Note: After upgrading FXOS, you can then upgrade the Firepower Threat Defense logical devices using the Firepower Management Center. For more information, see the Firepower System Release Notes.
1. Download the FXOS 2.2(1) image to your local machine (see Software Download).
2. Upload the FXOS 2.2(1) Platform Bundle image to your Firepower security appliance. For instructions, see the “Uploading an Image to the Firepower appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
3. Upgrade your Firepower security appliance using the FXOS 2.2(1) Platform Bundle image. For instructions, see the “Upgrading the Firepower eXtensible Operating System Platform Bundle” topic in the Cisco Firepower Chassis Manager Configuration Guide.
Upgrading Firepower Security Appliances with Firepower Threat Defense Logical Devices in a Failover Configuration
Note: After upgrading FXOS, you can then upgrade the Firepower Threat Defense logical devices using the Firepower Management Center. For more information, see the Firepower System Release Notes.
1. Download the FXOS 2.2(1) image to your local machine (see Software Download).
2. Upgrade the Firepower eXtensible Operating System bundle on the Firepower security appliance that contains the standby Firepower Threat Defense logical device:
a. Upload the FXOS 2.2(1) Platform Bundle image to your Firepower security appliance. For instructions, see the “Uploading an Image to the Firepower appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
b. Upgrade your Firepower security appliance using the FXOS 2.2(1) Platform Bundle image. For instructions, see the “Upgrading the Firepower eXtensible Operating System Platform Bundle” topic in the Cisco Firepower Chassis Manager Configuration Guide.
3. Wait for the chassis to reboot and upgrade successfully:
a. Use the show firmware monitor command under scope system to monitor the upgrade process.
b. After the upgrade process finishes, use the show slot command under scope ssa to verify that the slots have come “Online.”
c. Use the show app-instance command under scope ssa to verify that the applications have come “online”.
4. Make the Firepower Threat Defense device that you just upgraded the active unit so that traffic flows to the upgraded unit. For instructions, see the “Switch the Active Peer in a Firepower Threat Defense High Availability Pair” topic in the Firepower Management Center Configuration Guide.
5. Upgrade the Firepower eXtensible Operating System bundle on the Firepower security appliance that contains the new standby Firepower Threat Defense logical device:
a. Upload the FXOS 2.2(1) Platform Bundle image to your Firepower security appliance. For instructions, see the “Uploading an Image to the Firepower appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
b. Upgrade your Firepower security appliance using the FXOS 2.2(1) Platform Bundle image. For instructions, see the “Upgrading the Firepower eXtensible Operating System Platform Bundle” topic in the Cisco Firepower Chassis Manager Configuration Guide.
6. Wait for the chassis to reboot and upgrade successfully:
a. Use the show firmware monitor command under scope system to monitor the upgrade process.
b. After the upgrade process finishes, use the show slot command under scope ssa to verify that the slots have come “Online.”
c. Use the show app-instance command under scope ssa to verify that the applications have come “online”.
7. If desired, you can now make the unit that you just upgraded the active unit as it was before the upgrade.
Upgrading Firepower Security Appliances Configured as a Firepower Threat Defense Inter-Chassis Cluster
Note: After upgrading FXOS, you can then upgrade the Firepower Threat Defense logical devices using the Firepower Management Center. For more information, see the Firepower System Release Notes.
1. Connect to the FXOS CLI on Chassis #2 (this should be a chassis that does not have the Primary unit). For instructions, see the “Accessing the FXOS CLI” topic in the Cisco FXOS CLI Configuration Guide (see Related Documentation).
2. Verify that all installed security modules are online:
3. Verify that all installed security modules have the correct FXOS version and Firepower Threat Defense version installed:
scope server 1/ x
show version
scope ssa
show logical-device
4. Verify that the cluster operational state is “In-Cluster” for all security modules installed in the chassis and that the Primary unit is not on this chassis:
There should not be any Firepower Threat Defense instance with Cluster Role set to “Master”.
1. Download the FXOS 2.2(1) image to your local machine (see Software Download).
2. Connect to the FXOS CLI on Chassis #2 (this should be a chassis that does not have the Primary unit). For instructions, see the “Accessing the FXOS CLI” topic in the Cisco FXOS CLI Configuration Guide (see Related Documentation).
3. Upgrade the Firepower eXtensible Operating System bundle on Chassis #2:
a. Upload the FXOS 2.2(1) Platform Bundle image to your Firepower security appliance. For instructions, see the “Uploading an Image to the Firepower appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
b. Upgrade your Firepower security appliance using the FXOS 2.2(1) Platform Bundle image. For instructions, see the “Upgrading the Firepower eXtensible Operating System Platform Bundle” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
4. Wait for the chassis to reboot and upgrade successfully (approximately 15-20 minutes):
a. Use the show firmware monitor command under scope system to monitor the upgrade process. Every component should show “Upgrade-Status: Ready.”
b. After the upgrade process finishes, verify that all installed security modules are online:
c. Verify that all applications are currently online:
Verify that the operational state is “Online” for all applications in the chassis.
Verify that the cluster operational state is “In-Cluster” for all applications in the chassis.
Verify that the cluster role is “Slave” for all applications in the chassis.
5. Set one of the security modules on Chassis #2 as Primary.
After setting one of the security modules on Chassis #2 to Primary, Chassis #1 no longer contains the Primary unit and can now be upgraded.
6. Repeat the Pre-Upgrade Checklist and Steps 2-4 for Chassis #1.
7. If there are any additional chassis included in the cluster, repeat the Pre-Upgrade Checklist and Steps 2-4 for those chassis.
8. To return the Primary role to Chassis #1, set one of the security modules on Chassis #1 as Primary.
Upgrading a Firepower Security Appliance Running Standalone ASA Logical Devices or an ASA Intra-Chassis Cluster
1. Download the FXOS 2.2(1) image to your local machine (see Software Download).
2. Upload the FXOS 2.2(1) Platform Bundle image to your Firepower security appliance. For instructions, see the “Uploading an Image to the Firepower appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
3. Upgrade your Firepower security appliance using the FXOS 2.2(1) Platform Bundle image. For instructions, see the “Upgrading the Firepower eXtensible Operating System Platform Bundle” topic in the Cisco Firepower Chassis Manager Configuration Guide.
4. Upload the ASA CSP image to your Firepower security appliance. For instructions, see the “Uploading an Image to the Firepower Appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide.
5. Upgrade any ASA logical devices (standalone or intra-chassis cluster) using the ASA CSP image. For instructions, see the “Updating the Image Version for a Logical Device” topic in the Cisco Firepower Chassis Manager Configuration Guide.
Upgrading Firepower Security Appliances with ASA Logical Devices in a Failover Configuration
1. Download the FXOS 2.2(1) image to your local machine (see Software Download).
2. Upgrade the Firepower eXtensible Operating System bundle on the Firepower security appliance that contains the standby ASA logical device:
a. Upload the FXOS 2.2(1) Platform Bundle image to your Firepower security appliance. For instructions, see the “Uploading an Image to the Firepower appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
b. Upgrade your Firepower security appliance using the FXOS 2.2(1) Platform Bundle image. For instructions, see the “Upgrading the Firepower eXtensible Operating System Platform Bundle” topic in the Cisco Firepower Chassis Manager Configuration Guide.
3. Wait for the chassis to reboot and upgrade successfully:
a. Use the show firmware monitor command under scope system to monitor the upgrade process.
b. After the upgrade process finishes, use the show slot command under scope ssa to verify that the slots have come “Online.”
c. Use the show app-instance command under scope ssa to verify that the applications have come “online”.
4. Upgrade the ASA and vDP logical device images:
a. Upload the ASA CSP image to your Firepower security appliance. If Radware DefensePro (vDP) is configured as a decorator for this ASA application and there is an update available, upload the vDP CSP image too.
For instructions, see the “Uploading an Image to the Firepower appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
b. Upgrade your logical device image using the ASA CSP image:
top (set the scope to the top level in the mode hierarchy)
scope ssa
scope slot x (where x is the slot ID on which the ASA logical device is configured)
scope app-instance asa
set startup-version <version>
exit
c. If Radware DefensePro is configured as a decorator for this ASA application, upgrade the vDP image:
scope app-instance vdp
set startup-version <version>
exit
e. If there are multiple failover peers (with or without Radware DefensePro decorator) configured on the Firepower security appliance, upgrade them using Steps b-d.
5. After the upgrade process finishes, verify that the applications are online:
6. Make the unit that you just upgraded the active unit so that traffic flows to the upgraded unit:
a. Connect to the ASA console on the Firepower security appliance that contains the standby ASA logical device.
d. Verify that the unit is active :
7. Upgrade the Firepower eXtensible Operating System bundle on the Firepower security appliance that contains the new standby ASA logical device:
a. Upload the FXOS 2.2(1) Platform Bundle image to your Firepower security appliance. For instructions, see the “Uploading an Image to the Firepower appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
b. Upgrade your Firepower security appliance using the FXOS 2.2(1) Platform Bundle image. For instructions, see the “Upgrading the Firepower eXtensible Operating System Platform Bundle” topic in the Cisco Firepower Chassis Manager Configuration Guide.
8. Wait for the chassis to reboot and upgrade successfully:
a. Use the show firmware monitor command under scope system to monitor the upgrade process.
b. After the upgrade process finishes, use the show slot command under scope ssa to verify that the slots have come “Online.”
c. Use the show app-instance command under scope ssa to verify that the applications have come “online”.
9. Upgrade the ASA and vDP logical device images:
a. Upload the ASA CSP image to your Firepower security appliance. If Radware DefensePro (vDP) is configured as a decorator for this ASA application and there is an update available, upload the vDP CSP image too.
For instructions, see the “Uploading an Image to the Firepower appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
b. Upgrade your logical device image using the ASA CSP image:
top (set the scope to the top level in the mode hierarchy)
scope ssa
scope slot x (where x is the slot ID on which the ASA logical device is configured)
scope app-instance asa
set startup-version <version>
exit
c. If Radware DefensePro is configured as a decorator for this ASA application, upgrade the vDP image:
scope app-instance vdp
set startup-version <version>
exit
e. If there are multiple failover peers (with or without Radware DefensePro decorator) configured on the Firepower security appliance, upgrade them using Steps b-d.
10. After the upgrade process finishes, verify that the applications are online:
11. Make the unit that you just upgraded the active unit as it was before the upgrade:
a. Connect to the ASA console on the Firepower security appliance that contains the new standby ASA logical device.
Upgrading Firepower Security Appliances Configured as an ASA Inter-Chassis Cluster
1. Connect to the FXOS CLI on Chassis #2 (this should be a chassis that does not have the Primary unit). For instructions, see the “Accessing the FXOS CLI” topic in the Cisco FXOS CLI Configuration Guide or the Cisco FXOS Firepower Chassis Manager Configuration Guide (see Related Documentation).
2. Verify that all installed security modules are online:
3. Verify that all installed security modules have the correct FXOS version and ASA version installed:
scope server 1/ x
show version
scope ssa
show logical-device
4. Verify that the cluster operational state is “In-Cluster” for all security modules installed in the chassis:
5. Verify that all installed security modules are shown as part of the cluster:
connect module x console
show cluster info
6. Verify that the Primary unit is not on this chassis:
There should not be any ASA instance with Cluster Role set to “Master”.
1. Download the FXOS 2.2(1) image to your local machine (see Software Download).
2. Connect to the FXOS CLI on Chassis #2 (this should be a chassis that does not have the Primary unit). For instructions, see the “Accessing the FXOS CLI” topic in the Cisco FXOS CLI Configuration Guide or the Cisco FXOS Firepower Chassis Manager Configuration Guide (see Related Documentation).
3. Upgrade the Firepower eXtensible Operating System bundle on Chassis #2:
a. Upload the FXOS 2.2(1) Platform Bundle image to your Firepower security appliance. For instructions, see the “Uploading an Image to the Firepower appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
b. Upgrade your Firepower security appliance using the FXOS 2.2(1) Platform Bundle image. For instructions, see the “Upgrading the Firepower eXtensible Operating System Platform Bundle” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
4. Wait for the chassis to reboot and upgrade successfully (approximately 15-20 minutes):
a. Use the show firmware monitor command under scope system to monitor the upgrade process. Every component should show “Upgrade-Status: Ready.”
b. After the upgrade process finishes, verify that all installed security modules are online:
c. Verify that all ASA applications are currently online:
5. Upgrade the ASA and vDP logical device images:
a. Upload the ASA CSP image to your Firepower security appliance. If Radware DefensePro (vDP) is configured as a decorator for this ASA application and there is an update available, upload the vDP CSP image too.
For instructions, see the “Uploading an Image to the Firepower appliance” topic in the Cisco Firepower Chassis Manager Configuration Guide (see Related Documentation).
b. Upgrade your logical device image using the ASA CSP image:
top (set the scope to the top level in the mode hierarchy)
scope ssa
scope slot x (where x is the slot ID on which the ASA logical device is configured)
scope app-instance asa
set startup-version <version>
exit
c. If Radware DefensePro is configured as a decorator for this ASA application, upgrade the vDP image:
scope app-instance vdp
set startup-version <version>
exit
d. Repeat Steps b-c for all slots of the logical device installed on this security appliance.
6. After the upgrade process finishes, verify that the applications are online:
Verify that the operational state is “Online” for all ASA and vDP applications in the chassis.
Verify that the cluster operational state is “In-Cluster” for all ASA and vDP applications in the chassis.
Verify that the cluster role is “Slave” for all ASA applications in the chassis.
7. Set one of the security modules on Chassis #2 as Primary:
connect module x console
configure terminal
cluster master
After setting one of the security modules on Chassis #2 to Primary, Chassis #1 no longer contains the Primary unit and can now be upgraded.
8. Repeat the Pre-Upgrade Checklist and Steps 1-6 for Chassis #1.
9. If there are any additional chassis included in the cluster, repeat the Pre-Upgrade Checklist and Steps 1-6 for those chassis.
10. To return the Primary role to Chassis #1, set one of the security modules on Chassis #1 as Primary:
Open and Resolved Bugs
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products.
Note: You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account.
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ.
Open Bugs
Open bugs severity 3 and higher for Firepower eXtensible Operating System 2.2(1) are listed in the following table:
Resolved Bugs in FXOS 2.2.1.70
The following table lists the defects that were resolved in Firepower eXtensible Operating System 2.2.1.70:
Resolved Bugs in FXOS 2.2.1.66
The following table lists the defects that were resolved in Firepower eXtensible Operating System 2.2.1.66:
Resolved Bugs in FXOS 2.2.1.63
The following table lists the previously release-noted and customer-found defects that were resolved in Firepower eXtensible Operating System 2.2.1.63:
Related Documentation
For additional information on the Firepower 9300 or 4100 Series security appliance and the Firepower eXtensible Operating System, see Navigating the Cisco Firepower 9300 Documentation.
Communications, Services, and Additional Information
■To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
■To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
■To submit a service request, visit Cisco Support.
■To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
■To obtain general networking, training, and certification titles, visit Cisco Press.
■To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)