Cisco Secure Firewall 1200防火墙版本由FTD转为ASA

背景说明

思科CSF1200系列防火墙开局版本安装。设备出厂为FTD版本，实际部署需要安装ASA版本。本案例在FXOS中进行FTD到ASA的转换。

操作过程

1、准备目标软件版本镜像。提前在思科官网下载目标软件版本镜像 https://software.cisco.com/download/home 。

2、通过U盘上传目标版本镜像至设备。

firepower# scope firmware
firepower /firmware # download image usbA:/cisco-asa-csf1200.9.23.1.SPA

3、检查上传进展。

firepower /firmware # show download-task 

Download task:
    File Name Protocol Server          Port       Userid          State
    --------- -------- --------------- ---------- --------------- -----
    cisco-asa-csf1200.9.23.1.SPA
              Usb A                             0                 Downloading    <<---检查此处状态

4、检查上传的软件包。

firepower /firmware # show image 
Name                                          Type                 Version
--------------------------------------------- -------------------- -------
cisco-asa-csf1200.9.23.1.SPA                  CSP APP              9.23.1           <<---目标版本已经上传
cisco-ftd.7.6.0.113.csp                       CSP APP              7.6.0.113

4、安装软件包。

firepower /firmware # scope firmware
firepower /firmware/auto-install # install security-pack version 9.23.1      <<---版本号与show image中目标版本文件version字段值相同

The system is currently installed with security software package 7.6.0-113, which has:
   - The platform version: 2.16.0.128
   - The CSP (ftd) version: 7.6.0.113
If you proceed with the upgrade 9.23.1, it will do the following:
   - upgrade to the new platform version 2.17.0.518
   - reimage the system from CSP ftd version 7.6.0.113 to the CSP asa version 9.23.1
During the upgrade, the system will be reboot

Do you want to proceed ? (yes/no):yes     <<---此处注意选择yes

This operation upgrades firmware and software on Security Platform Components
Here is the checklist of things that are recommended before starting Auto-Install
(1) Review current critical/major faults
(2) Initiate a configuration backup

Attention:
   If you proceed the system will be re-imaged. All existing configuration will be lost,
   and the default configuration applied.
Do you want to proceed? (yes/no):yes      <<---此处注意选择yes

Triggered the install of software package version 9.23.1
Install started. This will take several minutes.
For monitoring the upgrade progress, please enter 'show' or 'show detail' command.
INIT: Switching to runlevel: 6ll # 
Broadcast message from root@firepower (Wed Mar  4 02:50:40 2026):

System is restarted due to application install failed. 
The system is going down for reboot NOW!

5、升级完成后检查。

ciscoasa# show version 

Cisco Adaptive Security Appliance Software Version 9.23(1)       <<---可以看到已经升级到目标ASA版本
SSP Operating System Version 2.17(0.518)
Device Manager Version 7.23(1)

Compiled on Mon 03-Mar-25 16:48 GMT by fpbesprd
System image file is "disk0:/installables/switch/fxos-k8-csf1200-lfbff.2.17.0.518.SPA"
Config file at boot was "startup-config"