02-22-2008 02:25 AM - edited 03-11-2019 05:06 AM
Am upgrading a production pair (failover pair) of Pix 525 to 6.3(5125) in the next few days. (Also am rationalising the existing rulebase.) Any caveats on doing this upgrade with a failover pair? Thanks
02-22-2008 02:42 AM
Peter-net
I think the only issue is memory to 128MB for Unrestricted. Here is a helpful site:
http://www.cisco.com/en/US/docs/security/asa/asa70/pix_upgrade/upgrade/guide/pixupgrd.html
rlacap
02-22-2008 03:11 AM
Just a tip on this... you've probably thought about it yourself already.
Be careful with the copying of the images if you are doing the upgrade on a live solution. As soon as you copy the image to one of the firewalls the failover no longer exists (because it needs the same image on both of them). I would advise you to plan this very carefully if you are doing it remotely.
02-22-2008 05:53 AM
Hey Peter,
Follow this procedure and you are safe:
1) Power off Primary (this causes Secondary to become active)
2) Disconnect all cables from Primary (including failover cable)
3) Power on Primary and attach a PC with a tftp server on it
4) Use "copy tftp flash" to upgrade the Primary
5) Reload Primary and verify the new version, config... etc...
6) Power off Primary
   Reconnect all cables back to the Primary
7) Quickly power off Secondary, and then immediately power on Primary
   - Note: This is where your downtime will occur while the Primary is booting
   Once the Primary is up it will be Active, and passing traffic
8) Repeat steps 2 - 7, but for the Secondary PIX
   Power on the Secondary, it will come up as Standby
9) Both PIXes are now running the upgraded version and back to normal operation.
This completes the upgrade process.
02-27-2008 06:24 AM
Hello Peter,
I recently (weekend before last) upgraded our 535 firewall failover pair to 7.2 and used the steps as specified by Abinjola, and it went on without too much of a problem.
It goes without saying: remember to back up your current config just in case.
In my case, the only issue I had was space on the device, so I had to delete the existing ASDM image from flash first, reloaded the firewall, then ran the copy tftp flash. Once I verified that that was working fine, I then got rid of the old firmware image from flash too.
You will also need to copy a new ASDM image to work with the new firmware you are upgrading to.