How to Reinstall the VDB on the Cisco Firepower FMC/FTD devices

In all my years of working with SourceFire and then ASA with Firepower, and now Firepower Threat Defense (FTD), I’ve never had a single problem with the VDB – until this week. Cisco put out a BAD VDB (300) that deletes the applications in your ACP. This is pretty horrible right? So let’s just delete this VDB and reinstall. This seems like it would be easy, right? No, not so much…

Here is the bug that was opened because of this: CSCvc48180 and the problem that appears in your ACP:

If you are running an earlier version than is available in your updates (System>Updates from the FMC), then you’re in luck! Just install the new version and it will probably fix the issue and start working, however, if there isn’t an update (only around once a month does Cisco send out a new VDB!), then you have to try and reinstall the current version.

If you call or open a ticket with Cisco, you can try this command:

 cd /et/sf/updates

sudo sh Sourcefire_VDB_Fingerprint_Database-4.5.0-[vdb version].sh — –force

That is a double dash followed by a double dash and then the force command.

If that doesn’t work, then you need to go though this long version:

The following is the long list of commands to fix, and you will have problems with permissions along the way. Here we go:

  1. Verify your version

[email protected]:/var/sf/updates# ls -lha | grep -i “4.5.”

  1. Via CLI remove the VDB installed

[email protected]:/var/sf/updates# rm Sourcefire_VDB_Fingerprint_Database-4.5.*.* (300.sh for me)

2. Verify again  with [email protected]:/var/sf/updates# ls -lha | grep -i “4.5.”

3. Its best at this point to download the new VDB from Cisco to your host, and then SCP the file to the /var/tmp folder on your FMC. I used WINSCP but you can do something like this if need be:

sudo scp Sourcefire_VDB_Fingerprint_Database-4.5.0-300.sh [email protected]:/var/tmp

4. Move the file into /var/updates and then verify the file:

[email protected]:/var/sf/updates# ls -lha | grep -i “4.5.” Notice the rights and owner on the left:

-rw-r–r–  1 admin admin  42M Jul 17 14:46 Sourcefire_VDB_Fingerprint_Database-4.5.0-300.sh

5. Change the ownership of the file:

[email protected]:/var/sf/updates# chown -R www:www Sourcefire_VDB_Fingerprint_Database-4.5.0-300.sh 

6. Verify that is changed from admin to www group:

[email protected]:/var/sf/updates# ls -lha | grep -i “4.5.”

-rw-r–r–  1 www  www   42M Jul 17 14:46 Sourcefire_VDB_Fingerprint_Database-4.5.0-300.sh

7.  Make the file executable

[email protected]:/var/sf/updates# chmod +x Sourcefire_VDB_Fingerprint_Database-4.5.0-300.sh 

8. Execute the VDB file after step 7 (You probably will get permission issues here)

[email protected]:/var/sf/updates# ./Sourcefire_VDB_Fingerprint_Database-4.5.0-300.sh

This is MUCH different than what Cisco has as the solution.

 

0 Comments

  1. Hi guys.

    Is that possible to downgrade VDB version?
    If so, how is the process?
    Can I just download the old version on cisco’s site then import on FMC via GUI and finally install it?

    Thanks

    1. Hello! You need to download the older version, and then uninstall using the tedious tasks I mentioned in this blog. I wrote this because I had to go through it myself!
      Good luck!

Leave a Reply

Your email address will not be published.