FDM-Managed Device Upgrade Prerequisites

Cisco Defense Orchestrator (CDO) provides a wizard that helps you upgrade the Firewall device manager (FDM) images installed on an individual device or an HA pair.

The wizard guides you through the process of choosing compatible images, installs them, and reboots the device to complete the upgrade. We secure the upgrade process by validating that the images you chose on CDO are the ones copied to, and installed on, your FDM-managed device. We strongly recommend the FDM-managed devices you are upgrading have outbound access to the internet.

If your FDM-managed device does not have outbound access to the internet, you can download the image you want from Cisco.com, store them in your own repository, provide the upgrade wizard with a custom URL to those images, and CDO performs upgrades using those images. In this case, however, you determine what images you want to upgrade to. CDO does not perform the image integrity check or disk-space check.

Configuration Prerequisites

  • DNS needs to be enabled on the FDM-managed device. See the "Configuring DNS" section of the System Administration chapter of the Cisco Firepower Threat Defense Configuration Guide for Firepower Device Manager for the version your device is running for more information.

  • The FDM-managed device should be able to reach the internet if you use upgrade images from CDO's image repository.

  • The FDM-managed device has been successfully onboarded to CDO.

  • The FDM-managed device is reachable.

  • The FDM-managed device is synced.

    • If you update a device that has pending changes in CDO and you do not accept changes, pending changes are lost after the upgrade completes. Best practice is to deploy any pending changes before you upgrade..

    • If you have staged changes in firewall device manager and the device is not synced, the upgrade in CDO will fail at an eligibility check.

4100 and 9300 Series Running FTD

CDO does not support the upgrade for the 4100 or 9300 series devices. You must upgrade these devices outside of CDO.

Software and Hardware Requirements

CDO is a cloud management platform. Software updates are released over time and are generally not dependent on hardware. See Software and Hardware Supported by CDO for information about supported hardware types.

Devices running firewall device manager software have a recommended upgrade path for optimal performance. See Firepower Software Upgrade Path for more information.

Upgrade Notes

You cannot deploy changes to a device while it is upgrading.