PIX 535 Hardware Upgrade Procedure with Failover

Unanswered Question
Oct 19th, 2007
User Badges:


We have a pair of PIX 535 6.3(5) one with UR and other with FO license. We are going to upgrade the cards in the first 3 slots to GiGE and want to minimise any downtime. If we power off the PIX with the UR license and disconnect all cables including the failover cable in order to unrack it and perform the upgrade will the PIX with the FO license continue to work? Looking on CCO it states that:-

"The PIX Firewall failover unit is intended to be used solely for failover and not in standalone mode.

If a failover unit is used in standalone mode, the unit will reboot at least once every 24 hours until

the unit is returned to failover duty"

So is there the possibility that while upgrading the hardware (say 60 mins max) on the UR PIX the FO PIX will reboot - and then hang on boot up as it is not connected to the UR PIX causing a loss of service?

(After upgrading of the UR PIX the same ipgrade will then be performed on the FO PIX!)



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


I don't see why the scenario mentioned above wouldn't work. If the unit with a UR license in a failover pair fails and is removed from the

configuration, the unit with the FO license does not automatically reboot every 24 hours; it operates uninterrupted unless the it is manually rebooted. After the manual reboot, it will continue to reboot every 24 hours until the UR unit is back in production.

9ptostevin Wed, 10/24/2007 - 00:39
User Badges:


That seems to be different from what the document quoted above says! And I remember booting up a newly delivered PIX once that happened to have a failover license and it would not boot up because of the FO license.




This Discussion