So I found the IronPort page where it instructs you how to upgrade using the CLI, here are the steps:
As a best practice, IronPort recommends preparing for an upgrade by taking the following steps:
1. Save the XML configuration file off of the appliance. 2. If you are using the Safelist/Blocklist feature, export the list off of box. 3. Suspend the listeners. 4. Drain the mail queue and the delivery queue. 5. Re-enable the listeners after you upgrade.
Only problem is I don't know the syntax for steps 3-5. I have 2 C350's. So I assuming I suspend the listeners on one, drain the que's - so the other one will start getting all the mail. Then once it's back up and I re-enable, both will start getting mail again, then I in turn do the same process on the other C350.
I also have a M650 - should I upgrade the M-series first, or the 2 C-series to the newest build first? I'm running 6.3.5-003, I am planning to go to the latest build on all 3 appliances (6.5.0-405).
Any help would be appreciated. I noticed you could upgrade through the GUI also, but seems like that is frowned upon. Why? I just want to click the big "Upgrade" button! haha
I'm always using the CLI for my upgrades; it gives you more insight in what's happening.
The CLI commands for your steps 3 and 5 are "suspend listener" (step 3) and "resume all" (step 5)
You can also do a "suspend all" but that also suspends mail delivery, making in impossible to drain the system. This is possibly not a problem, normally are the mails that can not be delivered to internet hosts that are down. For draining messages to your internal systems all you have to do (normally) is just wait a few seconds.
Your assumption about starting with the first machine and then proceed with the second after you finished the first sounds perfect to me. I usually start with my C series and upgrade the M series after that. I had once a problem with a M1050 that was on a higher software level than my C series. (It could not retrieve the data from the C series). But I have never seen a real advice from Ironport on this.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...