Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Upgrading 4240 and IDSM-2

When upgrading the service packs from 6.0(2)E1 to 6.0(3)E1 should I prepare for "disaster recovery" with the system image ready on TFTP server etc? Or is this overkill for just doing a service pack upgrade?


Community Member

Re: Upgrading 4240 and IDSM-2

Depends on your comfort level. In the past, I have had both good and bad experiences. Very little consistency. I have had it where out of 25 sensors all on the same build/patch level 20 take the upgrade fine, but 5 are left in an unsuable state. TFTP the image and start from scratch. Then I have had times where all of the sensors work fine with the upgrade, but I have also had it where all sensors fail on the upgrade. It is much less likely for all to fail however. After the first occurence of this, we developed a new strategy to deploy all sensor patches and signature update on a test sensor, let it run for two days and ensure it is still functioning as normal. Should we have to do this, probably not, but with my history with Cisco's quality assurance we have to.

So in short, is it overkill, yes probably. But at the same time I would make sure I have the files readily avilable just in case.

Community Member

Re: Upgrading 4240 and IDSM-2

Thanks a bunch for the reply. Not what I'd like to hear, haha, but better to be prepared.


Re: Upgrading 4240 and IDSM-2


It's always good to be reminded about Murphy's Law and its relevance in networking operations.

I rate it a "5" because it is so easy to forget.



CreatePlease to create content