Even in version 7.2 of CISCO Firepower FMC there is still the 100MB upload bug for the AnyConnect client, so here is my workaround. Somehow CISCO always manages to surprise me with unnecessary bugs that shouldn’t be there, especially when these bugs are old and could be easily fixed by CISCO.
You get this error when you try to upload the new Image 5.1.2.42 to the FMC:
„Error during file upload. Please ensure that the Firewall Management Center has enough space, the file is valid and that the file name contains only letters, digits, – and _. AnyConnect Image file names may contain.“
I find CISCO’s impossible recommendation on how to deal with the bug quite dubious and almost rude:
Use a previous image for AnyConnect/Secure Client Image which is smaller than 100MB
This can’t be serious. So you should install a mostly insecure and CVE-loaded client just because the manufacturer who collects a lot of money for licenses is too fine to change 1 number in their .cgi and roll it out. CISCO could release a mini-update for the FMC and that would be a thing of the past. Enough complaining, here is my workaround.
CISCO Firepower FMC 100MB upload bug workaround:
1. Establish an SSH connection with your FMC
2. Enter the expert command:
> expert
3. Then go to the folder with the fileUpload.cgi
:~$ cd /usr/local/sf/htdocs/ddd/
4. Get the rights you need:
sudo su
5. Start vim with the +76 argument, which opens the file at line 76:
vim +76 fileUpload.cgi
You can also run vim directly with the file from the folder BUT the slightest mistyping creates a new file or folder, and you must start over 😊
6. In Vim, switch to insert mode right away by pressing i
7. Search for the line with
ANY_CONNECT_IMAGE => 100 * 1024 * 1024,
and change it to
ANY_CONNECT_IMAGE => 200 * 1024 * 1024,
8. It should look like this
9. Save the change. First ESC then save everything with :wq – if VIM complains, type :wq!
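The same edit as a script, for anyone who prefers not to hand-edit a vendor file in vim. This is an added example, not part of the original post and not Cisco code: the function name `raise_anyconnect_limit` is made up here, and it assumes you run it as root in the expert shell against the fileUpload.cgi from step 3. It matches the line by content rather than by line number, keeps a timestamped backup, and refuses to edit unless exactly one matching line is found.

```shell
#!/bin/sh
# Added example (not from the original post): scripted form of steps 5-9.

# The limit line as quoted in the post, tolerant of spacing differences.
OLD_RE='ANY_CONNECT_IMAGE[[:space:]]*=>[[:space:]]*100[[:space:]]*\*[[:space:]]*1024[[:space:]]*\*[[:space:]]*1024'
NEW_TXT='ANY_CONNECT_IMAGE => 200 * 1024 * 1024'

# raise_anyconnect_limit FILE
# Exit codes: 0 patched or already patched, 2 no such file,
#             3 unexpected number of matching lines, 4 backup failed,
#             5 edit failed (original restored from backup).
raise_anyconnect_limit() {
    ral_file=$1
    [ -f "$ral_file" ] || { echo "not a regular file: $ral_file" >&2; return 2; }

    # Safe to re-run: nothing to do if the new value is already there.
    if grep -qF "$NEW_TXT" "$ral_file"; then
        echo "already patched: $ral_file"
        return 0
    fi

    # Only edit when exactly one line carries the expected 100 MB limit.
    ral_count=$(grep -cE "$OLD_RE" "$ral_file" || true)
    if [ "$ral_count" -ne 1 ]; then
        echo "expected 1 matching line, found $ral_count; not editing" >&2
        return 3
    fi

    # Keep a copy of the untouched vendor file (mode and timestamps preserved).
    ral_backup="$ral_file.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$ral_file" "$ral_backup" || return 4

    # Write the edited text back into the existing file, so its owner and
    # permissions stay as they were. A trailing comma is left untouched.
    if sed -E "s/$OLD_RE/$NEW_TXT/" "$ral_backup" > "$ral_file" \
        && grep -qF "$NEW_TXT" "$ral_file"; then
        echo "patched $ral_file (backup: $ral_backup)"
        diff "$ral_backup" "$ral_file" || true   # show the one changed line
        return 0
    fi

    # Something went wrong: put the original content back.
    cat "$ral_backup" > "$ral_file"
    return 5
}

# Usage: sh raise_limit.sh /usr/local/sf/htdocs/ddd/fileUpload.cgi
if [ $# -gt 0 ]; then raise_anyconnect_limit "$1"; fi
```

To roll back, copy the `.bak.` file over fileUpload.cgi.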
- https://bst.cisco.com/quickview/bug/CSCwh14467
- https://bst.cisco.com/bugsearch/bug/CSCwh14467?rfs=qvlogin
- Same bug different report: https://bst.cisco.com/quickview/bug/CSCwi86503