Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3215
Views
0
Helpful
5
Replies

FWSM Maintenance Software and upgrade

Go to solution
pemasirid
Level 1
Level 1

‎07-04-2012 04:41 AM - edited ‎03-11-2019 04:26 PM

Hi All,

I have few questions on FWSM software upgrade.

1) I could not find the availale maintenance software under software donwload section?

2) what is the maintenance software version required for fwsm 4.1.8 upgrade (this does not have on the release note)

    http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/release/notes/fwsmrn41.html

3) what is the main difference when you upgrad fwsm using following two methods:

    - Installing to the current application partition from the FWSM CLI

   -  Installing to any application partition from the maintenance partition

4) how can we verify the file integrity after copied from tftp/ftp server (because it does not support verify command as in IOS)

5) how can we see the copied files in the fwsm (it does not show with show flash or dir commands)

Appreciate if someone can answer to above querries.

thanks

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Gautam Bhagwandas
Cisco Employee
Cisco Employee

‎07-04-2012 05:13 AM

I will go ahead and try to answer questions 3,4 and 5. Will get back on 1 and 2 sometime soon or will let the others answer on them.

3. Cf:4 and Cf:5 are the application partitions.Installing from mp gives you the flexibility of using any of these two for your installation. Also, if your FWSM does not boot successfully, installing from mp is another way to recover.

4. The file copy process takes care of md5 checksum verification too.

5. When you copy to fwsm, you copy it using the command copy tftp: flash:image.

VL-QN-FW002# dir flash:

Directory of flash:/

2      -rw-  12747700            asdm
1      -rw-  6390272             image
3      -rw-  3063                startup-config

In my case, its:

VL-QN-FW002# show ver

FWSM Firewall Version 4.0(15)
Device Manager Version 6.2(2)F

HTTS-SEC-6509-1#dir /all all-filesystems | inc c6svc

    2  -rw-     6390272  Feb 14 2012 06:54:19 +00:00  c6svc-fwm-k9.4-0-3.bin

    2  -rw-     6390272  Jun 14 2011 09:11:46 +00:00  c6svc-fwm-k9.4-0-6.bin

    6  -rw-     6390272  Feb 14 2012 06:27:44 +00:00  c6svc-fwm-k9.4-0-3.bin

    7  -rw-     6390272  May 14 2012 05:47:00 +00:00  c6svc-fwm-k9.4-0-15.bin

    9  -rw-     6095360  Jun 28 2012 09:03:02 +00:00  c6svc-fwm-k9.3-2-18.bin

    1  -rw-     6390272  Sep 21 2009 07:58:56 +00:00  [c6svc-fwm-k9.4-0-6.bin]

    2  -rw-      262144   Aug 3 2011 05:55:12 +00:00  [c6svc-fwm-k9.4-1-4.bin]

    3  -rw-     6423040   Aug 3 2011 06:01:08 +00:00  [c6svc-fwm-k9.4-1-4.bin]

    4  -rw-     6423040   Aug 3 2011 06:05:30 +00:00  c6svc-fwm-k9.4-1-4-new.bin

if you look at number 7 in the above output, you see 4.0.15 is 6390272 bytes which matches what you see under dir flash: in the fwsm.

View solution in original post

0 Helpful

Go to solution
Gautam Bhagwandas
Cisco Employee
Cisco Employee
In response to pemasirid

‎07-04-2012 08:52 AM

Dear Prem,

dir /all all-filesystems was taken from Cat 6k . I used the switch as the tftp server. Sorry if that caused confusion. I was just trying to show that the size for filename "image" in the show flash on FWSM matches tftp server file size for image 4.0.15.

I also wanted to append the note for point  4 that the copy process has builtin md5 check integrated into it.

If the file is copied, you can be rest assured that the checksum verification was successful.

There is no command verify /md5 on FWSM like you have on the ASA.

If the checksum verification has failed, you will get a message something to the effect of:

"Checksum verification on flash image failed" while copying itself.

Coming to points 1 and 2,

1. URL for download is :

http://www.cisco.com/cisco/software/type.html?mdfid=282229330&flowid=3323

Choose Maintainenence Partion Software.

The navigation path is:

Downloads Home

Products

Switches

LAN Switches - Core and Distribution

Cisco Catalyst 6500 Series Switches

Cisco Catalyst 6509-E Switch (or whatever is the switch platform)

Cisco Catalyst 6500/6000 Series Services Maintenance Partition

2. 3.2/4.0/4.1 releases did not really come up with special maintainence partition image requirement. The only release that i have seen coming up with a special maintaienence partition image requirement is 3.1.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/upgrade/guide/fwsm31up.html#wp2090792

Extract:

"You must install maintenance software Release 2.1(2) or later before you upgrade to FWSM Release 3.1"

Looking at the config guide for 4.1,

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/swcnfg_f.html#wp1048928

it says:

Installing Maintenance Software

You must install maintenance software Release 2.1(2) or later before you upgrade to FWSM Release 4.0

So, what this means is that 4.1 does not impose any special maintainence partition image requirements.

Most likely, you will not feel the need to download a new mp image. But if its desired to go for the latest, then i would suggest 2.1(4). Image Name is c6svc-mp.2-1-4.bin.gz

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Gautam Bhagwandas
Cisco Employee
Cisco Employee

‎07-04-2012 05:13 AM

I will go ahead and try to answer questions 3,4 and 5. Will get back on 1 and 2 sometime soon or will let the others answer on them.

3. Cf:4 and Cf:5 are the application partitions.Installing from mp gives you the flexibility of using any of these two for your installation. Also, if your FWSM does not boot successfully, installing from mp is another way to recover.

4. The file copy process takes care of md5 checksum verification too.

5. When you copy to fwsm, you copy it using the command copy tftp: flash:image.

VL-QN-FW002# dir flash:

Directory of flash:/

2      -rw-  12747700            asdm
1      -rw-  6390272             image
3      -rw-  3063                startup-config

In my case, its:

VL-QN-FW002# show ver

FWSM Firewall Version 4.0(15)
Device Manager Version 6.2(2)F

HTTS-SEC-6509-1#dir /all all-filesystems | inc c6svc

    2  -rw-     6390272  Feb 14 2012 06:54:19 +00:00  c6svc-fwm-k9.4-0-3.bin

    2  -rw-     6390272  Jun 14 2011 09:11:46 +00:00  c6svc-fwm-k9.4-0-6.bin

    6  -rw-     6390272  Feb 14 2012 06:27:44 +00:00  c6svc-fwm-k9.4-0-3.bin

    7  -rw-     6390272  May 14 2012 05:47:00 +00:00  c6svc-fwm-k9.4-0-15.bin

    9  -rw-     6095360  Jun 28 2012 09:03:02 +00:00  c6svc-fwm-k9.3-2-18.bin

    1  -rw-     6390272  Sep 21 2009 07:58:56 +00:00  [c6svc-fwm-k9.4-0-6.bin]

    2  -rw-      262144   Aug 3 2011 05:55:12 +00:00  [c6svc-fwm-k9.4-1-4.bin]

    3  -rw-     6423040   Aug 3 2011 06:01:08 +00:00  [c6svc-fwm-k9.4-1-4.bin]

    4  -rw-     6423040   Aug 3 2011 06:05:30 +00:00  c6svc-fwm-k9.4-1-4-new.bin

if you look at number 7 in the above output, you see 4.0.15 is 6390272 bytes which matches what you see under dir flash: in the fwsm.

0 Helpful

Go to solution
pemasirid
Level 1
Level 1
In response to Gautam Bhagwandas

‎07-04-2012 06:22 AM

Hi Gautam,

Thanks a lot your reply and time on this.

I was under assumption that when we copy new image to fwms it will get overight with the existing, however i could see in your "dir /all all-filesystems" commands they are all available..

Anyway I'm now clear with the above questions and appreciate if you can get respose for question 1 and 2 as well..

Thanks a lot again Gautam.

Regards,

Prem

0 Helpful

Go to solution
Gautam Bhagwandas
Cisco Employee
Cisco Employee
In response to pemasirid

‎07-04-2012 08:52 AM

Dear Prem,

dir /all all-filesystems was taken from Cat 6k . I used the switch as the tftp server. Sorry if that caused confusion. I was just trying to show that the size for filename "image" in the show flash on FWSM matches tftp server file size for image 4.0.15.

I also wanted to append the note for point  4 that the copy process has builtin md5 check integrated into it.

If the file is copied, you can be rest assured that the checksum verification was successful.

There is no command verify /md5 on FWSM like you have on the ASA.

If the checksum verification has failed, you will get a message something to the effect of:

"Checksum verification on flash image failed" while copying itself.

Coming to points 1 and 2,

1. URL for download is :

http://www.cisco.com/cisco/software/type.html?mdfid=282229330&flowid=3323

Choose Maintainenence Partion Software.

The navigation path is:

Downloads Home

Products

Switches

LAN Switches - Core and Distribution

Cisco Catalyst 6500 Series Switches

Cisco Catalyst 6509-E Switch (or whatever is the switch platform)

Cisco Catalyst 6500/6000 Series Services Maintenance Partition

2. 3.2/4.0/4.1 releases did not really come up with special maintainence partition image requirement. The only release that i have seen coming up with a special maintaienence partition image requirement is 3.1.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/upgrade/guide/fwsm31up.html#wp2090792

Extract:

"You must install maintenance software Release 2.1(2) or later before you upgrade to FWSM Release 3.1"

Looking at the config guide for 4.1,

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/swcnfg_f.html#wp1048928

it says:

Installing Maintenance Software

You must install maintenance software Release 2.1(2) or later before you upgrade to FWSM Release 4.0

So, what this means is that 4.1 does not impose any special maintainence partition image requirements.

Most likely, you will not feel the need to download a new mp image. But if its desired to go for the latest, then i would suggest 2.1(4). Image Name is c6svc-mp.2-1-4.bin.gz

0 Helpful

Go to solution
pemasirid
Level 1
Level 1
In response to Gautam Bhagwandas

‎07-04-2012 02:08 PM

Dear Gautam,

Thank you very much for your detailed explanation with all the documents. This clears all my doubts and questions that I wanted to clarify.

Regards,

Prem

0 Helpful

Go to solution
dustinandrew420
Level 1
Level 1

‎03-14-2023 11:34 AM

Hi there,

Regarding your questions about FWSM software upgrade and maintenance, I suggest contacting a reliable Maintenance Chester Service provider. They will be able to assist you with the availability of the maintenance software, the required version for FWSM 4.1.8 upgrade, the main differences between the two upgrade methods, verifying file integrity after copying, and seeing copied files in FWSM.

Best of luck with your software upgrade and maintenance!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card