2 Replies Latest reply: Jul 20, 2019 5:22 AM by Marvin RSS

    Firepower 2100 Images clarification/Usage

    Mohd Ali

      Hi Experts,

       

      I am new to FTD world, could you please explain why do we have multiple images on box.

       

      Are all images necessary for FTD or some are optional ?

      Please explain the use of all below firmware/images.

       

      FP2110-477049371301-01 /firmware # show image

      Name                                          Type                 Version

      --------------------------------------------- -------------------- -------

      cisco-asa.9.8.2.csp                           CSP APP              9.8.2

      cisco-ftd.6.2.3.83.csp                        CSP APP              6.2.3.83

      fxos-k8-fp2k-firmware.1004.0103.0211.SPA      Switch Firmware      1004.0103.0211

      fxos-k8-fp2k-firmware.1006.0104.0213.SPA      Switch Firmware      1006.0104.0213

      fxos-k8-fp2k-lfbff.2.2.2.52.SPA               System Image         2.2(2.52)

      fxos-k8-fp2k-lfbff.2.3.1.84.SPA               System Image         2.3(1.84)

      fxos-k8-fp2k-npu.2.2.2.52.SPA                 Npu Image            2.2(2.52)

      fxos-k8-fp2k-npu.2.3.1.84.SPA                 Npu Image            2.3(1.84)

      fxos-k9-fp2k-manager.2.2.2.52.SPA             Manager Image        2.2(2.52)

      fxos-k9-fp2k-manager.2.3.1.84.SPA             Manager Image        2.3(1.84)

      fxos-k9-mgmtext.2.2.2.20.SPA                  Management Extension 2.2(2.20)

      FP2110-477049371301-01 /firmware #

        • 1. Re: Firepower 2100 Images clarification/Usage
          Mohd Ali

          adding more outputs

           

          FP2110-477049371301-01 /system # show version

          MANAGER:

              Boot Loader:

                  Firmware-Vers: 1006.0104.0213

              System:

                  Running-Vers: 2.3(1.84)

                  Platform-Vers: 2.3.1.84

                  Package-Vers: 6.2.3-83

              NPU:

                  Running-Vers: 2.3(1.84)

                  Platform-Vers: 2.3.1.84

                  Package-Vers: 6.2.3-83

              Service Manager:

                  Running-Vers: 2.3(1.84)

                  Platform-Vers: 2.3.1.84

                  Package-Vers: 6.2.3-83

          CCIE Security Study Group

          • 2. Re: Firepower 2100 Images clarification/Usage
            Marvin

            You don't need both the ASA and FTD images (the .csp files) unless you are switching back and forth between them - i.e. in a lab environment. A Firepower 2100 series appliance can run one or the other - but not both at the same time.

             

            For the other image types, you do need one of each type as each fulfills a role in running the system. It appears you have the current running one plus the previous one. You can safely remove the old one if you're satisfied that you don't need to revert to it.

             

            If you want to understand the various subsystems better, I recommend having a look at Cisco Live presentation BRKSEC-3035. Andrew Ossipov explains each of the Firepower appliance platforms' architecture in this deep dive session.