Upgrading Cisco Firepower Management Centers in a High Availability Pair

Cisco electronically distributes several different types of updates periodically. These include major and minor upgrades to the system software. You may need to install these updates on Firepower Management Centers in a high availability setup.

Make sure that there is at least one operational Firepower Management Center during an upgrade.

Before you begin

Read the release notes or advisory text that accompanies the upgrade. The release notes provide important information, including supported platforms, compatibility, prerequisites, warnings, and specific installation and uninstallation instructions.

Procedure

---

Step 1	Access the web interface of the active Firepower Management Center and pause data synchronization; see Pausing Communication Between Paired Firepower Management Centers.
Step 2	Upgrade the standby Firepower Management Center.When the upgrade completes, the standby unit becomes active. When both peers are active, the high availability pair is in a degraded state (split-brain).
Step 3	Upgrade the other Firepower Management Center.
Step 4	Decide which Firepower Management Center you want to use as the standby. Any additional devices or policies added to the standby after pausing synchronization are not synced to the active Firepower Management Center. Unregister only those additional devices and export any configurations you want to preserve.When you choose a new active Firepower Management Center, the Firepower Management Center you designate as secondary will lose device registrations and deployed policy configurations, which are not synced.
Step 5	Resolve split-brain by choosing the new active Firepower Management Center which has all the latest required configurations for policies and devices.