How to upgrade the fwsm image from 3.1(10) to 4.0(8).

Unanswered Question
Jan 12th, 2010
User Badges:

Hi all,

I need to upgrade the fwsm image from 3.1(10) to 4.0(8). Can i do it directly from 3.1(10) to 4.0(8) ?

Do i need to upgrade other image also along with Firewall version 4.0(8)?

FWSM# sh ver

FWSM Firewall Version 3.1(10)

Device Manager Version 6.1(5)F

Compiled on Mon 21-Apr-08 17:43 by fwsmbld

FWSM up 2 days 15 hours

failover cluster up 2 days 15 hours

Hardware: WS-SVC-FWM-1, 1024 MB RAM, CPU Pentium III 1000 MHz

Flash STI Flash 8.0.0 @ 0xc321, 20MB

0: Int: Not licensed : irq 5

1: Int: Not licensed : irq 7

2: Int: Not licensed : irq 11

The Running Activation Key is not set, using default settings:

Licensed features for this platform:

Maximum Interfaces : 256

Inside Hosts : Unlimited

Failover : Active/Active

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 2

GTP/GPRS : Disabled

VPN Peers : Unlimited

Serial Number: SAD125004FT

Running Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000

Configuration last modified by enable_15 at 18:58:52.627 IST Mon Jan





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.3 (3 ratings)
Panos Kampanakis Tue, 01/12/2010 - 13:16
User Badges:
  • Cisco Employee,

Yes, you can upgrade from 3.1 to 4.0.

Make sure you have downtime though and if you have failover that the FWSMs are not running 3.1 and 4.0 at the same time.

I hope it helps.


Kureli Sankar Tue, 01/12/2010 - 19:50
User Badges:
  • Cisco Employee,


If this is a failover pair then pls. follow this link.  zero downtime upgarde is not supported when doing a major upgrade.

once you get the code onto the blades "copy tftp flash:image" you can follow this link:

You already have the latest ASDM so, no need to upgrade that.


madhusudhan s Fri, 01/15/2010 - 04:15
User Badges:


Is it application partition or maintainance partion where we need to upgrade the image from 3.1(10) to 4.0.8.



Kureli Sankar Fri, 01/15/2010 - 05:19
User Badges:
  • Cisco Employee,

Application partitiion is what you will be upgrading from 3.1.(10 to 4.0(8).

MP - maintenance partition is supposed to be 2.1.2 or above which is the same requirement for 3.1.x so, you will be good there.

Pls. check the compatibility with the swtich code in this 4.0.8 Release Note link:

Pls. check the chassis system requirement in the above link.

commands you will need are:

copy tftp flash:image

copy tftp flash:asdm

falsh:image for OS and flash:asdm if you will be upgrading the asdm as well.


Norberto Salgado Tue, 04/17/2012 - 04:23
User Badges:

Hello KS,

in the upgrade from 3.1 to 4.0.x, the nat-control feature is mantained?

Thank you.

Best regards,



This Discussion