Upgrade FWSM from 3.1(4) to 4.0(10)

Feb 12th, 2010

Hi all:

I have to upgrade a FWSM from 3.1 to 4.0(10). I have some doubts in this respect:

1. May I do it directly, or do I need an intermediate jump first (let's say 4.0(0))?

2. Once I upload the new version and reboot the appliance, will it detect the newest version and boot with it? (At that moment there will be 2 versions on the FW.) I don't see a boot command like on routers to specify it.

3. If the appliance's behaviour is not as expected once the upgrade is done (it's a critical firewall), how can I go back to the previous scenario? Of course, I'll do a configuration backup but the commands nomenclature from 3.1 to 4.0. Must I load the previous config file and erase the new version from flash?

Thanks a lot,

Francisco

Francisco Del Cura Fri, 02/12/2010 - 09:06

Ok, thanks. Yes, there is a failover pair. I have already read that part and the 4.0 config guide, but I don't understand exactly how to do the downgrade. Once I copy the new version, is the old one erased or not? If not, are the downgrade steps to load the 3.x configuration and erase the 4.0 version?

Francisco Del Cura Fri, 02/12/2010 - 10:08

I've already read everything related to upgrading/downgrading the FWSM in that document. After doing so, questions 2 and 3 from my first post are still not clear to me.

Regards

Panos Kampanakis Fri, 02/12/2010 - 16:45

2. There is only one image stored in flash; when you copy the new one, you can only boot to that one.

You can save the 3.x config in your flash, and if you go to 4.0 and there are problems, you can revert back to 3.x and just copy the saved config from 3.2 to the running config.

I hope it helps.

PK

Kureli Sankar Fri, 02/12/2010 - 17:17

There are 2 application partitions in the blade. cf:4 and cf:5 are the application partitions on the FWSM.

Some people load 4.x in one and 3.x in the other. So, you can have both codes on the same blade.

You just have to issue the command

hw-module module mod_num reset cf:4

or

hw-module module mod_num reset cf:5

to boot into whichever image you want.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/configuration/guide/swcnfg_f.html#wp1048848

-KS

Francisco Del Cura Sat, 02/13/2010 - 02:23

pkampana, if there are problems with the new version, how can I load the 3.1(4) version again? It's not available in the downloads section. Is there any way to save it before upgrading?

kusankar, I know about the partitions on the FWSM, but the following is not clear to me: once the new version is loaded on the cf:5 partition, how can I load the configuration stored on the cf:4 partition? Also, the commands in 3.1(4) are different in 4.1(10).

Thanks a lot for your support

Correct Answer
Panos Kampanakis Sat, 02/13/2010 - 05:51

For the questions to pkampana, you can find 3.1.4 here http://www.cisco.com/cgi-bin/tablebuild.pl/cat6000-fwsm

For the question to kusankar, when you boot to a new partition you will need to copy the config, since each partition has its own config. So, the 3.1 config will be converted to 4.0 and each of your partitions will have the right version with the corresponding config.

I hope it helps.

PK

Francisco Del Cura Sat, 02/13/2010 - 07:36

Thanks for the link, kampana. The only doubt I have is... imagine I reload the FWSM with the cf:5 partition and load the new version on it; the next step is to paste the config. How could I do it? From the flash? From a TFTP/FTP/HTTP server?

Thanks so much,

Francisco

Correct Answer
Kureli Sankar Sat, 02/13/2010 - 08:25

Yes,

I would make sure both cf:4 and cf:5 have the same 3.1.4 code. Your config which is in version 3.1.4 will be in both cf:4 and cf:5. Either copy and paste or tftp the file.

Then you upgrade either cf:4 or cf:5 to 4.x, and when that partition loads 4.x it will automatically convert the config to 4.x.

When you boot cf:4 - you will have the 3.x image and 3.x config.

When you boot cf:5 - you will have the 4.x image and 4.x config.

-KS

jilahbg Sat, 02/13/2010 - 11:29

I haven't been looking at a FWSM IRL for a while, so sorry for a perhaps stupid question...

But, are cf:3 and cf:4 two different compact flash cards on the module? In that case, can I prepare the config by (during uptime) removing the cf-cards, manipulating/changing the boot files and then re-inserting them? And then during maintenance time just reboot them?

If so, can I swap between 3.x code (and its corresponding config) on one cf-card and 4.x code (and its config) on another card by swapping the cards and doing a reboot?

I guess these cf-cards are plain FAT32?

Or are they all internal on-board, so they are impossible to reach without ejecting the FWSM module from the chassis?

Br Jimmy

Kureli Sankar Sat, 02/13/2010 - 14:26

Jimmy,

If the flash goes bad, we can't even RMA just the flash. We RMA the entire blade.

So, what you are thinking of doing is not possible.

-KS
