cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
444
Views
0
Helpful
2
Replies

IPS engine upgrade with failover ASA, now they don't match?

ttrevino1
Level 1
Level 1

We recently added a failover 5520 with the ASA-SSM-20, which matches the primary ASA/IPS. My question is I just upgraded the primary IPS to 5.1(5)-E1. It went fine, except now the failover IPS is still on 5.0(2). How do I update the failover IPS to match what's on the primary?

Shouldn't this happen automatically since it is setup in a failover scenario? I have it cabled via a cross-over cable to the primary ASA.

2 Replies 2

Nick Egloff
Level 1
Level 1

The SSM modules are managed completely separately from the firewalls; you need to upgrade & manage both of them individually, as well as apply the same configurations to each either separately, or via a group in either CSM or VMS...

If the second SSM module hasn't been given its own IP, you can "session" into it from the standby firewall console and then give it it's own IP..

If this helped, please rate the post :-)

Thanks!

...Nick

Hey Nick, I'm not sure if the failover IPS has it's own IP, I'll have to check. We had a vendor install it a couple of weeks ago.

I downloaded the latest version of CSM, but it said it wasn't compatible with XP? Is there a differernt one which will work? I haven't used CSM or VMS before, so I'm not familiar with either.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: