Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

FWSM upgrade : 4.0(8) to 4.0(12)

Hi,

Is it possible to upgrade image from 4.0(8) to 4.0(12) from application partition using TFTP?

failover mode:

==========

If we upgrade the image first in standby/Active without disconnecting from network, will that impect the production.

My worry is if there is mismatch in image version then failover will not work and both FWSM may try to become active.

what is the best method to upgrade FWSM in failover mode..?

Regards

Amar

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: FWSM upgrade : 4.0(8) to 4.0(12)

No need to disable failover. Just follow what Magnus said. You will be just fine.

To summarize:
1. Load 4.0.12 onto both FWSM (copy tftp flash:image on both units)
2. Reload your Standby FWSM so it comes up running 4.0.12
3. Wait for it to synchronize failover

4.
a. Reload your Active unit. This will cause a failover to occur and your Standby will become active.
or
b. issue "no fail active" on the active unit or issue "fail active" on the
standby unit. This will cause a failover to occur and your Standby will become active. Now reload the primary.

5. Both devices should now run 4.0.12 and synchronize failover

-KS

4 REPLIES
Cisco Employee

Re: FWSM upgrade : 4.0(8) to 4.0(12)

Amar,       Hitless upgrades are supported between maint images like 4.0.8 and 4.0.12. Just upgrade the standby and reload it. Once it comes up and is stable, failover and upgrade the other blade.  Major upgrade like 4.0.8 to 4.1.1 will require downtime.   - Magnus

Posted from my mobile device.

Community Member

Re: FWSM upgrade : 4.0(8) to 4.0(12)

Thanks for comment..

Before reload, shall i stop failover.. will both FWSM try to become active, if yes then will it impect production?

After upgrading image in standby, will it impect production due to image mismatch? Not sure if failover work after this or it will be disabled ?

regards

amar

Community Member

Re: FWSM upgrade : 4.0(8) to 4.0(12)

Another option, we can upgrade the Secondary first, reload and it will come its old Failover state (Secondary), and do it on Primary FWSM and reload.. this time Sec will become Active and Primary will sync with Standby. Later we can switch back to Primary whichever box you want..

Regards

karuna

Cisco Employee

Re: FWSM upgrade : 4.0(8) to 4.0(12)

No need to disable failover. Just follow what Magnus said. You will be just fine.

To summarize:
1. Load 4.0.12 onto both FWSM (copy tftp flash:image on both units)
2. Reload your Standby FWSM so it comes up running 4.0.12
3. Wait for it to synchronize failover

4.
a. Reload your Active unit. This will cause a failover to occur and your Standby will become active.
or
b. issue "no fail active" on the active unit or issue "fail active" on the
standby unit. This will cause a failover to occur and your Standby will become active. Now reload the primary.

5. Both devices should now run 4.0.12 and synchronize failover

-KS

547
Views
8
Helpful
4
Replies
CreatePlease to create content