Firepower Software: Automatic Software Downloads And Content Updates Might Fail After January 10, 2023

Field Notice: FN – 72501 – CSCwa67488

Problem Description

For affected versions of Firepower software, automatic software downloads, Snort Rule Updates (SRUs), Vulnerability Database (VDB) updates, and Geolocation Database (GeoDB) updates might fail after January 10, 2023 due to a Secure Sockets Layer (SSL) certificate change.

Solution

Cisco recommends to upgrade to one of the Firepower software versions shown in the table in order to continue to receive the latest Secure Firewall software, SRU, VDB, and GeoDB updates.

The FMC software must be updated to fix the certificate issue. The Secure Firewall device managed by the FMC does NOT need to be updated to fix the certificate issue.

The FDM must be updated to fix the certificate issue for the Secure Firewall device managed by the FDM.

Release Version Fixed Version
Firepower 6.1.x Migrate to a fixed release

(End-of-Life announcement November 2019)

Firepower 6.2.x Firepower 6.2.3.18 or later

(End-of-Life announcement August 2021)

Firepower 6.3.x Migrate to a fixed release

(End-of-Life announcement October 2019)

Firepower 6.4.x Firepower 6.4.0.15 or later
Firepower 6.5.x Migrate to a fixed release

(End-of-Life announcement May 2020)

Firepower 6.6.x Firepower 6.6.7 or later
Firepower 6.7.x Firepower 6.7.0.3 or later

(End-of-Life announcement January 2021)

Firepower 7.0.x Firepower 7.0.2 or later
Firepower 7.1.x Firepower 7.1.0.1 or later

 

 

 

 

4 Comments

  1. What version are you recommending for Firepower now? What are you seeing your customers run?

    Thanks.

    1. 7.2, with 7.3 soon. We’re in beta for 7.4, but soon 7.3 will be out long enough to recommend, as it’s superior with its features. but 7.2 has been out and works well..later this summer, go to 7.3

  2. Hello Todd,
    Would appreciate your input on a recent development in our upgrade of the FTD 1010 to 7.0.5.
    Though the upgrade did resolve our CA Certificate issue, a new Bug has surfaced post our upgrade.
    The issue is related to CSCwe00961 – MemCap for Security Intelligence URL feeds for the 1010.
    Question, have other users of the 1010 incurred the same Bug issue, and what are the workarounds being suggested by their Cisco TAC team, other than TAC has referred the issue to Development.
    Has this Bug /Issue been resolved in version 7.2.2?
    Thanks in advance,
    Gary

    1. Hi Gary, thank you for writing.
      That bug had been fixed a couple of times. I recommend going to 7.3.0.1
      it is a great code with tons of new excellent features. I have not seen that issue at any of my customers; they are all on a 7.3 code

Comments are closed.