Cisco Support Community
Community Member

Upgrading Pix520 5.0(2) to 6.2(2)

First off, these 520s are in a failover circuit. How do I upgrade while in a failover circuit? I can't just disconnect my cable, since that will make my standby active with the same IP address as my active.

Also, are there any known problems that I need to be aware of (configuration-wise)? This is a huge jump in an upgrade, and a lot of changes could have been made between releases. I'm looking at all the release notes from all the revisions, but that's like 150 pages!!! <grin>

Any advice would be appreciated! Thanks

Community Member

Re: Upgrading Pix520 5.0(2) to 6.2(2)

Does ANYONE know how to do a software upgrade between two firewalls in a failover configuration?

If I do my first firewall, then that would put two firewalls with different versions in a failover (at least until I get the other one upgraded). If I disconnect the failover circuit, that would place my standby into active mode, and I will have duplicate IPs on my network.

Any ideas would greatly help!

Community Member

Re: Upgrading Pix520 5.0(2) to 6.2(2)

I did it before.

First thing. If you already have 16MB flash, that is good. If you are going to upgrade the flash at the same time, then you should know that the config (NVRAM) is on the same board. So when you put in the new flash, you lose the config. And as far as you cannot download it, you should just copy and paste. But if the file is too big, then do it in pieces....

Second. You cannot run different versions of software on the primary and secondary.

Cisco has a step-by-step solution, but it did not work for us. I do not know why.

So... next time I have the same problem, I will do it this way.

I will break failover. I will upgrade the software on one box. Then I will put the config on this box. Then I will turn off the old one, move the connections to the new one, and turn on the new box. Then I will wait for a few hours... and then do the upgrade for the second box and put it in as the failover.

About 6.2.2. When we moved to this version, we got some problems with authentication and something else (I am not the only person who is working with this box). So if you have Cisco support, then you are OK. If not... it depends on you.... Some bugs were fixed... others added... This is life.

I know that Cisco gave us some other version than the one from the site. Something was fixed. You can see that 6.1.4 is GD (general deployment version), and 6.2.2 is ED (early deployment). So it is your choice.

Cisco Employee

Re: Upgrading Pix520 5.0(2) to 6.2(2)

Failover upgrade procedures are detailed here:

You're correct in figuring out that you need a fraction of downtime, since failover PIX have to be running the same code version.

As for going from 5.0 to 6.2, you should be OK. I'd probably suggest going from 5.0 to 5.2 to 6.0 to 6.2 just to be sure, but it should be OK. I presume you've already upgraded both PIXes with a 16Meg flash card?
