Reimage on Cisco ASA FTD

Install FTD image on Cisco ASA 5506 or Cisco ASA 5508

This post describes the process of installing the FTD boot image and FTD system image on a Cisco ASA 5506-X or Cisco ASA 5508-X firewall. The images listed below are required and can be downloaded from the Cisco website:

  • FTD Boot Image (ftd-boot-X.X.X.X.lfbff)
  • FTD System Image (ftd-X.X.X-X.pkg)

To download the images to the ASA, a TFTP, FTP or HTTP server is required.

  • TFTP Server (e.g. Solarwinds TFTP) required to load the Boot Image
  • FTP or HTTP Server required to load the FTD System Image

*** Remember to allow TFTP, FTP or HTTP through the system firewall
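
TFTP, FTP and HTTP transfers are not authenticated, so the integrity check has to happen on the server before the ASA fetches anything. The script below is an added example, not part of the original post: it compares each image's SHA-512 with the checksum Cisco lists with the download and only then copies it to the TFTP or HTTP root. The function names and directory arguments are assumptions, and it relies on sha512sum from GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): verify FTD images, then stage them.
# Assumes GNU coreutils (sha512sum). Function names are hypothetical.

# verify_image FILE EXPECTED_SHA512
# Returns 0 only if FILE exists and its SHA-512 equals EXPECTED_SHA512
# (hex, compared case-insensitively).
verify_image() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha512sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-512 mismatch, not staging: $file" >&2
        return 1
    fi
}

# stage_image FILE EXPECTED_SHA512 TFTP_ROOT HTTP_ROOT
# Boot images (*.lfbff) go to the TFTP root, system packages (*.pkg) to the
# HTTP/FTP root. A failed check or an unexpected extension is refused.
stage_image() {
    verify_image "$1" "$2" || return 1
    case "$1" in
        *.lfbff) dest=$3 ;;
        *.pkg)   dest=$4 ;;
        *) echo "unexpected file type: $1" >&2; return 3 ;;
    esac
    # Copy, then make the served file read-only so it cannot be swapped
    # in place by an unprivileged process while the install is running.
    cp -- "$1" "$dest/" && chmod 0444 "$dest/${1##*/}"
}

# Usage (hash is a placeholder; take the real value from the download page):
#   stage_image ftd-boot-X.X.X.X.lfbff "<SHA512-FROM-CISCO>" /srv/tftp /srv/http/download
```
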

Upgrade Boot Image

  • Connect a console cable to the CONSOLE port on the ASA 5506-X
  • Connect the MGMT interface into a switch on the same subnet as the TFTP/FTP/HTTP server and turn on the ASA
  • Interrupt the boot process by pressing ESC when prompted
  • Erase the disk, type: erase disk0:
  • At the rommon prompt, configure the address, server, gateway and file settings and then enter the set command, e.g.:

address 192.168.10.10
server 192.168.10.20
gateway 192.168.10.20
file ftd-boot-X.X.X.X.lfbff
set
sync
tftpdnld

The device reboots automatically during the upgrade process. Once it has completed, the prompt should be firepower-boot>

Upgrade System Image

Copy the FTD image (e.g. ftd-6.2.3-83.pkg) to your FTP/HTTP server (in this instance 192.168.10.10 is an HTTP server from which the image will be downloaded).

On the ASA FTD console, at the firepower-boot> prompt type setup

Enter a hostname [firepower]: FTD

Do you want to configure IPv4 address on management interface?(y/n) [Y]: y

Do you want to enable DHCP for IPv4 address assignment on management interface?(y/n) [Y]: n

Enter an IPv4 address: 192.168.10.20

Enter the netmask: 255.255.255.0

Enter the gateway: 192.168.10.10

Do you want to configure static IPv6 address on management interface?(y/n) [N]:n

Stateless autoconfiguration will be enabled for IPv6 addresses.

Enter the primary DNS server IP address: 192.168.10.10

Do you want to configure Secondary DNS Server? (y/n) [n]: n

Do you want to configure Local Domain Name? (y/n) [n]: n

Do you want to configure Search domains? (y/n) [n]: n

Do you want to enable the NTP service? [Y]: n

When prompted, press y to apply the changes.

At the firepower-boot> prompt type:

system install noconfirm http://192.168.10.10/download/ftd-X.X.X-X.pkg

or, if you are using FTP rather than HTTP:

system install noconfirm ftp://192.168.10.10/download/ftd-X.X.X-X.pkg

After the system has rebooted you will be at the firepower login: prompt. You can tell that the FTD install completed successfully because the prompt confirms the version.

You can now log in to the device using the default username admin and the password Admin123. Once logged in, you can configure the device.