Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Upgrading FWSM 4.0(3) to 4.0(17)

Please advise me the best practice to upgrade FWSM from 4.0(3) to 4.0(17).

aloso let me know if there is any known issue while upgrade.

Thanks in advance,

Shain Bharati CCIE (R&S) #28837       

Shain Bharati CCIE (R&S) #28837
Everyone's tags (3)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Upgrading FWSM 4.0(3) to 4.0(17)

Your last posted procedure above is correct. It is a zero downtime upgrade.

Cisco Employee

Upgrading FWSM 4.0(3) to 4.0(17)

Yes, you are correct. Minor/maintenance release upgrade is zero downtime upgrade, and the procedure from the documentation listed is correct.

5 REPLIES
Cisco Employee

Upgrading FWSM 4.0(3) to 4.0(17)

You can upgrade version 4.0.3 directly to 4.0.17, and there is no known issue for the upgrade.

Here is the release notes FYI:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/release/notes/fwsmrn40.html

Community Member

Upgrading FWSM 4.0(3) to 4.0(17)

Hi Jennifer,

I have FWSM in failover Active/Standby pair and need to upgrade both for the above said images.

Now the document below suggests, i need to reload the primary first, then reload the secondary unit before the primary comes up. This means there will be downtime of few minutes till the primary comes back up, and i cannot afford this downtime.

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/swcnfg_f.html#wp1064244

Now, i was thinking about, reaload secondary first (to boot the new image), then check if the new image (4.0.17) is working fine, make it Active, verify the connections, and then reload the Primary (so both have new image now). But as per the above document it seems like the failover will break if either one of the FWSM units are running different images (as they have suggested reload both almost simultaneously). Please confirm if this is the case, and what would be your suggestion of upgrading my failover pair without downtime..

Cheers,

Shain Bharati CCIE (R&S) #28837

Shain Bharati CCIE (R&S) #28837
Community Member

Upgrading FWSM 4.0(3) to 4.0(17)

Hi Jennifer,

Seems like i was looking at the wrong section in the doc. My upgrade from 4.0.3 to 4.0.17 is only a maintence release upgrade and not major or minor upgrade. So that means i can reload the secondary first to boot 4.0.17 (while primary is still with 4.0.3), after it comes up, then make it active manully with the command, and then reload the primary to boot the 4.0.17 image, and thereby achieve zerp-downtime upgrade..

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/configuration/guide/swcnfg_f.html#wp1057491

Please confirm the above procedure is correct..

Cheers,

Shain Bharati CCIE (R&S) #28837

Shain Bharati CCIE (R&S) #28837
Hall of Fame Super Silver

Upgrading FWSM 4.0(3) to 4.0(17)

Your last posted procedure above is correct. It is a zero downtime upgrade.

Cisco Employee

Upgrading FWSM 4.0(3) to 4.0(17)

Yes, you are correct. Minor/maintenance release upgrade is zero downtime upgrade, and the procedure from the documentation listed is correct.

473
Views
0
Helpful
5
Replies
CreatePlease to create content