PIX 515e Memory Upgrade in Failover

Unanswered Question
rajbhatt Wed, 04/25/2007 - 03:53

Hi Alex,

There is no specifc way.

You can try this :with minimum downtime :

1.Shut down primary PIX (NOT reload)

2. Secondary is active now (Do a 'show failover' to confirm that)

3.Perform the upgrade for primary

4.Shut down secondary (NOT reload)and upgrade memory for secondary

5.Boot up primary (and it will become active with new hardware)

6.Wait 3 to 5 mins->Do a 'show version' and 'show failover' on primary to confirm

8. boot up secondary (and it will become standby with new hardware)

Here a link to upgrade the memory :



mark.j.hodge Wed, 04/25/2007 - 05:35

The way I have always done this, as well as software upgrades is

1 - Ensure firewall is running on Primary, if necessary run "failover active"

2 - Upgrade Secondary device

3 - Ensure correct boot of Secondary, monitor logs on both devices

4 - Make Secondary device active with "failover active" command

5 - Upgrade Primary device

6 - Ensure correct boot of Primary, monitor logs on both

7 - Optional make Primary active

The difference between the "failover active" command and just shutting down is that the cluster is told to migrate the active environement, rather than discovering a failure. Therefore the failover is quicker, and there is less interupt to service.

** Please rate is post is helpful **

mcarrascor Tue, 10/02/2007 - 16:20

What will happen in case of "major" upgrade ? Such as 6.3 to 7.0 , as far I know there will not be failover anymore.

In such case exist another procedure ?


Manuel Carrasco R.

Network Consultant


This Discussion