×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Opinions on upgrading 515E/PIX 6.3 in failover configuration

Unanswered Question
Dec 20th, 2005
User Badges:

All,


Is anyone aware of a suggested or recommended method for upgrading a pair of 515Es in a failover configuration?


In the light of http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml it seems unlikely I'm the first person to want to do this but I can't see any reference to a procedure on the Cisco site.


Do I have to unplug the failover lead and do them one at a time? Can I just upgrade the primary, causing a failover to secondary, then upgrade the secondary causing a failover back to primary?


Any thoughts/links/experiences appreciated.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
mpalardy Tue, 12/20/2005 - 08:51
User Badges:
  • Bronze, 100 points or more

Take a look to this url:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094a5d.shtml#failover


Before performing the upgrade, just save the old config from the pix in case of a roll back to the old version.


At the end of the upgrade procedure I also make a reload from both pix at the same time.


There is also a special procedure if you want to upgrade from 6.2 to 7.0

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/pix_upgd/pixupgrd.htm



jamescork Wed, 12/21/2005 - 04:04
User Badges:

Many thanks for your help.


Option 1 looks similar to my planned route and shall be the route we take.


Thanks again.

allgeyer Mon, 02/20/2006 - 08:56
User Badges:

Sorry for warming up this thread.


If I understand right, there is no way of upgrading PIX OS 6.x to PIX OS 6.x+1 w/o having any downtime, right?


--

PIT

rajnagpal Tue, 02/21/2006 - 21:34
User Badges:

Hi James,


A complete detailed description on how to upgrade PIXes operating in a failover environment can be found here :


http://www.ciscotaccc.com/security/showcase?case=K73545150


This contains information for upgrading PIX firewalls operating on 6.x code to a 6.x version or upgrading PIX firewalls operating on code 6.x to 7.x version providing information on how to minimize the downtime for upgradation.


The article also provides information on ZERO DOWNTIME upgrade procedure for uprading the PIXes to 7.x code.


Hope it helps.


Regards,

Raj

Actions

This Discussion