Last week I had to upgrade a pair of PIX 515Es running active/standby failover and it did not go as expected. I was going from 7.24(18) to 7.24(30). I uploaded the image to the flash on each, and set the boot parameter. I then rebooted the secondary/standby and it came back up fine. At that point I made the secondary the active and then rebooted the primary/standby; however, it did not come back up correctly. A "show failover" from the secondary/active indicated it was in a failed state. Both firewalls were at a remote location, so getting console access was not an option at the time. Users started reporting issues with traffic getting dropped with the connections that flowed through this pair, and it became evident that both firewalls thought they were active. I ended up rebooting the secondary/active, and it cleared the problem.
I've read some vague documentation that says you can upgrade with no downtime if you are moving from a certain code or release to another, but I can't find anything specific. I've got others telling me that I should have rebooted both at the same time, but I've never had to do that in the past, and it seems a little dangerous to me, particularly since most of the firewalls we support are at remote locations.
Any thoughts, experiences with upgrading PIXes, or PIXes vs. ASAs? I've gone from 7.24(18) to 7.24(30) on other firewall pairs just fine; maybe this one was just a fluke. But I'd like to get an idea of how other people approach these upgrades.