2 Replies Latest reply: Jul 20, 2019 5:22 AM by Marvin RSS

    Firepower 2100 Images clarification/Usage

    Mohd Ali

      Hi Experts,


      I am new to FTD world, could you please explain why do we have multiple images on box.


      Are all images necessary for FTD or some are optional ?

      Please explain the use of all below firmware/images.


      FP2110-477049371301-01 /firmware # show image

      Name                                          Type                 Version

      --------------------------------------------- -------------------- -------

      cisco-asa.9.8.2.csp                           CSP APP              9.8.2

      cisco-ftd.                        CSP APP    

      fxos-k8-fp2k-firmware.1004.0103.0211.SPA      Switch Firmware      1004.0103.0211

      fxos-k8-fp2k-firmware.1006.0104.0213.SPA      Switch Firmware      1006.0104.0213

      fxos-k8-fp2k-lfbff.               System Image         2.2(2.52)

      fxos-k8-fp2k-lfbff.               System Image         2.3(1.84)

      fxos-k8-fp2k-npu.                 Npu Image            2.2(2.52)

      fxos-k8-fp2k-npu.                 Npu Image            2.3(1.84)

      fxos-k9-fp2k-manager.             Manager Image        2.2(2.52)

      fxos-k9-fp2k-manager.             Manager Image        2.3(1.84)

      fxos-k9-mgmtext.                  Management Extension 2.2(2.20)

      FP2110-477049371301-01 /firmware #

        • 1. Re: Firepower 2100 Images clarification/Usage
          Mohd Ali

          adding more outputs


          FP2110-477049371301-01 /system # show version


              Boot Loader:

                  Firmware-Vers: 1006.0104.0213


                  Running-Vers: 2.3(1.84)


                  Package-Vers: 6.2.3-83


                  Running-Vers: 2.3(1.84)


                  Package-Vers: 6.2.3-83

              Service Manager:

                  Running-Vers: 2.3(1.84)


                  Package-Vers: 6.2.3-83

          CCIE Security Study Group

          • 2. Re: Firepower 2100 Images clarification/Usage

            You don't need both the ASA and FTD images (the .csp files) unless you are switching back and forth between them - i.e. in a lab environment. A Firepower 2100 series appliance can run one or the other - but not both at the same time.


            For the other image types, you do need one of each type as each fulfills a role in running the system. It appears you have the current running one plus the previous one. You can safely remove the old one if you're satisfied that you don't need to revert to it.


            If you want to understand the various subsystems better, I recommend having a look at Cisco Live presentation BRKSEC-3035. Andrew Ossipov explains each of the Firepower appliance platforms' architecture in this deep dive session.