Following the sw upgrade procedure from FWSM Configuration Guide (reload standby->switch active->reload primary->switch back) I had no problems upgrading with zero-downtime from 3.1.3 to 3.1.4
in active/standby failover pair.
Making the exact same procesure on another failover pair trying to upgrade from 3.1.1 to 3.1.4 causes be problems: When discovering a mate with the new version failover is forced off on both units, and no replication takes place. The upgraded device ends up in a pseudo standby state, and as I se it I now have the option of downgrading to 3.1.1 or upgrading the primary (with downtime) and then reestablish failover when having same sw on both units.
In the conf guide it is stated that 'You can upgrade from any maintainance release to any other maintainance release within a minor release, so jumping from 3.1.1 to 3.1.4 should not cause a problem.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...