Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
115
Views
0
Helpful
0
Replies

firepower-1140-failed | ASA image upgrade | Prep step

Demetri A
Community Member

‎05-08-2024 10:25 AM

Our ASA image upgrade failed and FPR1140 console prompt showed:

firepower-1140-failed

Working with Cisco TAC, it was mentioned this was caused by a full directory. 

Note, below issue was found on two more hardware FPR1140s.
TAC stated this does not occur with FPR VMs. 

As prep for future image upgrades, was informed to check storage space, via following commands from enable prompt:

connect fxos admin

scope fabric-interconnect

show storage

"    opt/cisco/platform 921              Full         <-----------"

If Full or almost full, immediately open a TAC case to have this directory cleared out via secure login, which only TAC has the access to generate the challenge string response:

firepower-1140-failed# connect local-mgmt
firepower-1140-failed(local-mgmt)# secure-login

Challenge String (Please copy everything between the asterisk lines exclusively):

********************************************************************************
Jur//<removed>
DONE.
********************************************************************************

Please input your response when ready:

AQAAAA<removed>
DONE.\
You have successfully entered all text. Please wait...
###

TAC then went about clearing out the necessary storage space:

Linux#cd /opt/cisco/platform/logs

Linux#cd sysmgr

Linux#cd sam_logs/

Linux#ls -alh

total 560M

-rw-r--r-- 1 root root      539M May  6  2024 management0.log.1

Linux#echo > "" > management0.log.1

###

TAC also had to clear out some message files:

Linux#cd /opt/cisco/platform/logs

Linux#cd var

Linux#cd log

Linux#ls -alh

total 362M

-rw-r----- 1 root adm  260M Mar 20  2022 messages.1

-rw-r----- 1 root adm  3.2M Mar  2  2021 messages.2

-rw-r----- 1 root adm   58M Feb 26  2021 messages.3

-rw-r----- 1 root adm  1.1M Dec 15  2020 messages.4

-rw-r----- 1 root adm   41M Dec 14  2020 messages.5

 

Linux#echo "" > messages.1

Linux#echo "" > messages.2

Linux#echo "" > messages.3

Linux#echo "" > messages.4

Linux#echo "" > messages.5

After above, firewall was rebooted, image upgrade process auto-started and failed, firewall came up in failsafe mode again.

TAC had to revert image to previous version, via the Linux kernel, reboot firewall, and unit came up on previous image.

Then had to go into running config, and update boot parameter to reference the previous image file, and save, to ensure firewall would boot up into working image. Rebooted firewall one more time to verify unit comes up correctly.

 



0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card