[Troubleshooting Guide] ASA 5506-X sensor patch update failure!

I’ve recently decided to update the sensor of my ASA 5506 X sourcefire appliance to the latest version. Most of the times the process will take a long time but will be smooth. Well,not in this case…

Following the Cisco guide (here), I’ve downloaded the latest version ( 6.2.3.3-76 at the time of writing) through the ASDM GUI and attempted to install the latest version.

After 5 hours, the SFR module became completely unresponsive (thank god I had it in fail-open mode!). Needless to say that if you do have TAC support, now is the time to engage them.  But again where is the fun in that?

  • Login to SFR module, go to expert mode and escalate to root

  • Navigate to the upgrade directory (/var/log/sf/Cisco_Network_Sensor_Patch-6.2.3.3)  and move flags.conf out of this directory

  • Restart ASDM and re-run the patch via the updates page in ASDM.

Let’s it run for few hours and you can monitor the status through the corresponding log (if you want to monitor the log in real-time use the “-f” flag)

If you have any question please do let me know by leaving a comment below

Leave a Reply