ASA5510 firmware upgrade for Active/Standby set up

Answered Question
Mar 18th, 2010
User Badges:

Hi All,


I wish to upgarde a redundant pair of firewalls in a maintenance window. Downgtime is not an issue during two hour window.


We wish to upgrade from 7.2 to 8.3. Is it safe to download 8.x image to 5510s, set up boot system flash:/newimage, boot system flash:/oldimage and then reload the firewalls? I can certainly also failover to secondary and then uograde primary and then revert back control to primary and then upgrade secondary, but not sure if I need to migrate from 7.2 to something like 7.9 and then 8.0 and 8.3 for each firewall. I tried to do some research on Cisco docs, but I could not find answer, though I am sure it is buried somewhere.


Please advise.


Thanks a lot.

Correct Answer by ankurs2008 about 7 years 4 months ago

hi


For zero downtime , ensure to upgrade from version 7.2 -> 8.0 -> 8.2 , if the same is done within a downtime then 7.2 -> 8.2 cane be done directly

Correct Answer by Kureli Sankar about 7 years 4 months ago

What is the reason to go to 8.3? Are you looking for new features?

If you want to upgrade just because the new code is available, then I'd like to suggest to go to 8.2.


8.3 has memory requirements for all platform. There have been many changes in the NAT is configured.

You can read in the release notes here: http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html


-KS

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Kureli Sankar Thu, 03/18/2010 - 18:52
User Badges:
  • Cisco Employee,

What is the reason to go to 8.3? Are you looking for new features?

If you want to upgrade just because the new code is available, then I'd like to suggest to go to 8.2.


8.3 has memory requirements for all platform. There have been many changes in the NAT is configured.

You can read in the release notes here: http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html


-KS

Devinder Sharma Thu, 03/18/2010 - 19:11
User Badges:

Thanks KS for your advice. The reason to upgrade is PCI compliance for two factor authentication, which is supported on 8.x.


I agree if 8.3 requires a ton of additonal DRAM, then 8.2.x will do for our application. And as I indicated, down time is not an issue, in that case, do you forsee any issues in downloading 8.2.x code and then reload the firewall. Hopefully there is nothing like boot rom upgrade that requires intermediate code?


Thanks again.

Correct Answer
ankurs2008 Fri, 03/19/2010 - 07:36
User Badges:

hi


For zero downtime , ensure to upgrade from version 7.2 -> 8.0 -> 8.2 , if the same is done within a downtime then 7.2 -> 8.2 cane be done directly

Devinder Sharma Fri, 03/19/2010 - 10:57
User Badges:

Thanks Ankurs for your advice. I am planning to do it over this weekend for direct upgrade to 8.2.2.

Actions

This Discussion