{"id":1092,"date":"2021-06-25T16:58:40","date_gmt":"2021-06-25T13:58:40","guid":{"rendered":"https:\/\/wiki.volu-t.ru\/?p=1092"},"modified":"2021-06-25T16:59:40","modified_gmt":"2021-06-25T13:59:40","slug":"manually-upgrading-a-cisco-sfr-module","status":"publish","type":"post","link":"https:\/\/wiki.m-network.ru\/?p=1092","title":{"rendered":"Manually Upgrading a Cisco SFR Module"},"content":{"rendered":"\n<p>Manually upgrading a SFR module requires SSH access to the SFR module, a SCP\/SFTP server, and the upgrade file from cisco.com.<\/p>\n\n\n\n<h3>1.) Gain root access to the module.<\/h3>\n\n\n\n<p>SSH to the SFR module\u2019s IP address and login with the administrative credentials.&nbsp; Once you are provided a prompt, use the \u201cexpert\u201d command to enter a bash prompt.&nbsp; Then SU into root.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>> expert\nadmin@clientSFR:~$ sudo su -\nPassword:\nLast login: Wed Oct 2 02:42:29 UTC 2019 on pts\/0\nroot@clientSFR:~#<\/code><\/pre>\n\n\n\n<h3>2.) Download the upgrade file to \/var\/sf\/updates.<\/h3>\n\n\n\n<p>Now that you have root access, you will need to download the patch to the SFR module.&nbsp; To do this, I used an SCP server running on my desktop.&nbsp; A decent SCP\/SFTP server that I use is the free \u201c<a rel=\"noreferrer noopener\" href=\"https:\/\/www.solarwinds.com\/free-tools\/free-sftp-server\" target=\"_blank\">Solarwinds SFTP &amp; SCP Server<\/a>.\u201d&nbsp; Once you have the server up and running with the files available, you can use the scp command to download the file to the SFR module.&nbsp; Once downloaded generate a MD5 or SHA512 checksum to verify the file contents are correct and then compare the checksum with the one provided on Cisco\u2019s download site. (The upgrade depicted in the example is version 6.2.3.10)<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>root@clientSFR:~# scp justin@172.16.1.254:\/Cisco_Network_Sensor_Patch-6.2.3.10-59.sh.REL.tar \/var\/sf\/updates\/\nThe authenticity of host '172.16.1.254 (172.16.1.254)' can't be established.\nRSA key fingerprint is SHA256:&lt;Server's Fingerprint Not Shown>\nAre you sure you want to continue connecting (yes\/no)? yes\nWarning: Permanently added '172.16.1.254' (RSA) to the list of known hosts.\njustin@172.16.1.254's password:\nCisco_Network_Sensor_Patch-6.2.3.10-59.sh.REL  10%   51MB 603.6KB\/s   12:04 ETA\nCisco_Network_Sensor_Patch-6.2.3.10-59.sh.REL  30%  145MB 586.4KB\/s   09:41 ETA\n\n&lt;!-- LINES OMITTED -->\n\nroot@clientSFR:~# md5sum \/var\/sf\/updates\/Cisco_Network_Sensor_Patch-6.2.3.10-59.sh.REL.tar\n05ac75426c12b80c03885ff7733c15db  \/var\/sf\/updates\/Cisco_Network_Sensor_Patch-6.2.3.10-59.sh.REL.tar\nroot@clientSFR:~# sha512sum \/var\/sf\/updates\/Cisco_Network_Sensor_Patch-6.2.3.10-59.sh.REL.tar\n12e40937a90e8a826615b1a7e95913277045449695efe981e0c125f1ec35d6a3ad8a7c8f1bbf9e78bbc73afa8938cf11ddece5f8b302472500cd4dcc78c2e97d  \/var\/sf\/updates\/Cisco_Network_Sensor_Patch-6.2.3.10-59.sh.REL.tar<\/code><\/pre>\n\n\n\n<h3>3.) Start the upgrade process.<\/h3>\n\n\n\n<p>Everything is now ready for upgrading.&nbsp; The file is located on the SFR module and has been verified against corruption.&nbsp; To start the upgrade, the \u201cinstall_update.pl\u201d script is used.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>root@clientSFR:~# install_update.pl \/var\/sf\/updates\/Cisco_Network_Sensor_Patch-6.2.3.10-59.sh.REL.tar\nARGV[0] = \/var\/sf\/updates\/Cisco_Network_Sensor_Patch-6.2.3.10-59.sh.REL.tar\n\ninstall_update.pl begins. bundle_filepath: \/var\/sf\/updates\/Cisco_Network_Sensor_Patch-6.2.3.10-59.sh.REL.tar\n\nVerifying archive integrity... All good.\n\nUncompressing Cisco Network Sensor Patch \/ Wed Feb  6 14:41:31 UTC 2019.....\n............................................................................\n............................................................................\n............................................................................\n............................................................................\n............................................................................\n............................................................................\n..........\n[190522 14:07:48:925] MAIN_UPGRADE_SCRIPT_START\n[190522 14:07:49:249] #####################################\n[190522 14:07:49:253] # UPGRADE  STARTING \n[190522 14:07:49:258] #####################################\n[190522 14:07:49:395] BEGIN  000_start\/000_check_sign_type.sh\n[190522 14:07:51:594] END 000_start\/000_check_sign_type.sh\n[190522 14:07:51:666] BEGIN  000_start\/000_check_update.sh\n[190522 14:07:52:876] END 000_start\/000_check_update.sh\n[190522 14:07:52:954] BEGIN  000_start\/100_start_messages.sh\n[190522 14:07:54:843] END 000_start\/100_start_messages.sh\n\n&lt;!-- LINES OMITTED -->\n&lt;!-- THIS GOES ON FOR AWHILE. -->\n<\/code><\/pre>\n\n\n\n<h3>NOTE: Monitoring the upgrade.<\/h3>\n\n\n\n<p>The upgrade can take awhile to complete.&nbsp; If you\u2019re like me, you\u2019ll need to step away from the screen from time to time.&nbsp; When you come back, you will find that your SSH session has timed out.&nbsp; Luckily, once the upgrade script starts it creates a directory structure that contains a status.log file.&nbsp; The upgrade script pipes the output to this file, so the upgrade can be monitored using this file.&nbsp; In the output below, I used the tailf command to constantly output updates.&nbsp; Keep in mind the below upgrade was for 6.2.3.10, so the directory structure depicts this.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>root@clientSFR:\/# tailf \/var\/log\/sf\/Cisco_Network_Sensor_Patch-6.2.3.10\/status.log\nui:[92%] Running script 999_finish\/988_reconfigure_model.sh...\nui:[92%] Running script 999_finish\/989_flip_mbr.sh...\nui:[93%] Running script 999_finish\/989_update_ngfw_conf_aquila.sh...\nui:[94%] Running script 999_finish\/989_update_ngfw_conf_aquila_ssp.sh...\nui:[94%] Running script 999_finish\/990_restart_bird_after_reboot.pl...\nui:[95%] Running script 999_finish\/999_disable_upgrade_ui.sh...\nui:[95%] Running script 999_finish\/999_enable_syncd.sh...\nui:[96%] Running script 999_finish\/999_leave_maintenance_mode.pl...\nui:[97%] Running script 999_finish\/999_p_Stop_Sybase.sh...\nui:[97%] Running script 999_finish\/999_rm_old_var.sh...\nui:[98%] Running script 999_finish\/999_y_must_be_next_to_last_to_generate_integrity_data.sh...\nui:[98%] Running script 999_finish\/999_z_complete_upgrade_message.sh...\nui:[98%] Upgrade complete\nui:[99%] Running script 999_finish\/999_z_must_remain_last_finalize_boot.sh...\nui:[99%] Running script 999_finish\/999_zz_install_bundle.sh...\nui:[100%] The system will now reboot.\nui:System will now reboot.\nui:[100%] Installation completed successfully.\nui:Upgrade has completed.\nstate:finished<\/code><\/pre>\n\n\n\n<p>Original &#8212; https:\/\/justinhulsman.wordpress.com\/2019\/10\/02\/firepower-network-sensor-upgrade-failed\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Manually upgrading a SFR module requires SSH access to the SFR module, a SCP\/SFTP server, and the upgrade file from cisco.com. 1.) Gain root access to the module. SSH to the SFR module\u2019s IP address and login with the administrative credentials.&nbsp; Once you are provided a prompt, use the \u201cexpert\u201d command to enter a bash ..<\/p>\n<div class=\"clear-fix\"><\/div>\n<p><a href=\"https:\/\/wiki.m-network.ru\/?p=1092\" title=\"read more...\">Read more<\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[205,210,211],"tags":[],"_links":{"self":[{"href":"https:\/\/wiki.m-network.ru\/index.php?rest_route=\/wp\/v2\/posts\/1092"}],"collection":[{"href":"https:\/\/wiki.m-network.ru\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wiki.m-network.ru\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wiki.m-network.ru\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/wiki.m-network.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1092"}],"version-history":[{"count":2,"href":"https:\/\/wiki.m-network.ru\/index.php?rest_route=\/wp\/v2\/posts\/1092\/revisions"}],"predecessor-version":[{"id":1094,"href":"https:\/\/wiki.m-network.ru\/index.php?rest_route=\/wp\/v2\/posts\/1092\/revisions\/1094"}],"wp:attachment":[{"href":"https:\/\/wiki.m-network.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1092"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wiki.m-network.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1092"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wiki.m-network.ru\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1092"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}