Cisco Support Community

How to upgrade the PIX Firewall software in a failover scenario

Resolution

Both PIXes must be running version 5.1(x) or later, because this procedure uses the copy tftp flash command, which was introduced in PIX 5.1(x). There are two ways to upgrade PIXes in a failover set:

To upgrade PIXes by establishing a console connection to each PIX, perform these steps:

  1. Force a failover to the secondary PIX by issuing the no failover active command on the primary PIX, or power off the primary PIX. This causes the secondary PIX to become active.
       
  2. Disconnect all network cables from the primary PIX (including the failover cable).  
       
  3. Power on the primary PIX and attach a PC with a TFTP server on it. Connect the inside interface of the primary PIX to the TFTP server with a crossover cable.
       
  4. Issue the copy tftp flash command to upgrade the primary. Perform the upgrade procedure for the primary PIX as given in Upgrading Software for the Cisco Secure PIX Firewall.
       
  5. Reload the primary PIX and verify the new version, license keys and features, configuration and so on.  
       
  6. Power off the primary PIX.  
       
  7. Re-connect all cables to the primary PIX.
       
  8. Quickly power off the secondary PIX, then immediately power on primary PIX. Verify that the primary PIX is now passing traffic running the new version of code.     

    Note: Your downtime occurs while the primary is booting.

       
  9. Once the primary PIX is up, it becomes active and passes traffic.  
       
  10. Repeat steps two through seven for the secondary PIX.  
       
  11. Power on the secondary PIX. It becomes the standby unit. Wait two minutes, then verify that the secondary PIX is in standby mode and that all interfaces have a status of Normal. Both PIXes are now running the upgraded version and are back to normal operation.

To upgrade PIXes through a Telnet or Secure Shell (SSH) session, perform these steps. Prefer SSH where the PIX supports it: Telnet carries the login and enable passwords in cleartext.

  1. Open separate remote Telnet (or SSH) sessions to the primary and secondary PIXes.
       
  2. Issue the show failover command to ensure that the primary PIX is the active PIX.

    Note: If it is not, issue the failover active command on the primary PIX to make it so.

       
  3. Enter config t mode on both PIXes.  
       
  4. For recovery purposes, in case something goes wrong, copy the running configuration from the primary PIX to a text file, or issue the write net command on the primary PIX to save the configuration to the TFTP server.
       
  5. Issue the write standby command, followed by the write memory command, on the primary PIX to ensure that the secondary PIX is up to date in case something happens to the primary PIX.
       
  6. Issue the copy tftp flash command on the primary PIX and wait until it has successfully downloaded the new PIX image from the TFTP server.

  7. If the step 6 download succeeds on the primary PIX, repeat step 6 on the secondary PIX.

    Note: At this point, a new PIX image has been downloaded to both the primary and secondary PIX.

       
  8. On the primary PIX, press the Reset button on the front of the PIX (as an alternative, turn off the power and turn it back on).

  9. Wait five seconds, then press the Reset button on the front of the secondary PIX, or turn off the power and turn it back on.

  10. Wait about one minute for both PIXes to complete their resets, then open a separate Telnet (or SSH) session to each of the primary and secondary PIXes.
       
  11. Verify through the show version command output on both PIXes that the new PIX image has been installed successfully.  
       
  12. Verify through the show failover command output on the primary PIX that it is active, and verify that the secondary is in standby mode. Both PIXes are now running the upgraded version and back to normal operation.

For customers who want to upgrade the failover set remotely, initiate two Telnet (or SSH) sessions to the PIXes. Initiate one session to the primary and one session to the secondary. Replace steps eight and nine with these steps:

  1. On the secondary (standby) PIX, type reload to reboot the PIX.  
       
  2. On the primary (active) PIX, type reload to reboot the PIX.

    Note: The primary must be reloaded before the secondary comes back online, which gives you only a few seconds between these two steps.

       
  3. Wait about one minute for both PIXes to complete their resets, then initiate another Telnet (or SSH) session to both PIXes. 
       
  4. Verify through the show version command output that both PIXes are running the new image.  
       
  5. Verify through the show failover command output that the secondary is active.  
       
  6. On the primary PIX, issue the failover active command to force it to become the active PIX.  
       
  7. Both PIXes are now running the upgraded image and back to normal operation.

When upgrading remotely, the secondary comes up first, so it is the active unit when this process is complete. Issue the failover active command on the primary to force it to become active again.

Note: Downtime occurs when both PIXes are powered off and as the primary PIX boots up. This downtime is necessary because the PIXes cannot communicate to one another on different versions of code.

PIX version 7.0 introduced the ability to upgrade the software of a failover pair without impacting network uptime or the connections flowing through the units. Version 7.0 added inter-version state sharing between the members of a security appliance failover pair, so you can upgrade between maintenance releases (for example, from version 7.0(1) to 7.0(2)) without impacting traffic flowing through the pair. This applies in active/standby failover environments, and in active/active environments where the pair is not oversubscribed (no more than 50 percent load on each pair member, so that one unit can carry all traffic while the other reloads).

To perform the upgrade without impacting connections, back up the current configurations and perform these steps:

  1. Copy the image file to each unit, and select the image to boot by issuing the boot system command.
       
  2. Reload the standby unit, which causes it to boot the new image.  
       
  3. When the standby unit is in the Standby Ready state, force a failover so that it becomes active. Then reload the new standby unit. Both units are now running the new image.

For more information about failover, refer to Configuring Failover.

For the process to work smoothly, reload the standby unit at each step of the procedure, never the active unit. If the units are active/active and you do not want to impact connections on the secondary active unit, first move the failover groups so that the pair is in an active/standby state, then perform the steps above.

To upgrade across more than one maintenance release without impacting network uptime, step through each intermediate release in turn. For example, to go from version 7.0(1) to version 7.0(3), upgrade from 7.0(1) to 7.0(2), then from 7.0(2) to 7.0(3).

For details, refer to the Performing Zero Downtime Upgrades for Failover Pairs section of Managing Software, Licenses, and Configurations.
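The checks that both procedures above ask you to make by eye (the pre-7.0 Telnet/SSH procedure: primary Active, secondary Standby, all interfaces Normal, both units on the new image; the 7.0 zero-downtime procedure: standby in Standby Ready before you force the failover, and only a maintenance-release mismatch between the mates) can be scripted against the output of show failover. The following Python script is an added example, not code from the original article or from Cisco. The two sample outputs are constructed from the general layout of the command on PIX 6.x and 7.x and are not captured logs; the host and interface lines, the Standby Ready state name and the Version: Ours ..., Mate ... line are the parts the parser relies on, so confirm them against your own units before trusting it. upgrade_hops encodes the page's one-maintenance-release-at-a-time rule and assumes every intermediate maintenance number was actually released.

```python
import re

# Constructed sample of 'show failover' on a 7.x pair part-way through the
# zero-downtime procedure: the standby has already been reloaded on 7.0(2).
# Layout approximates the real command output; it is not a captured log.
SAMPLE_7X = """\
Failover On
Failover LAN Interface: folink Ethernet2 (up)
Version: Ours 7.0(1), Mate 7.0(2)
        This host: Primary - Active
                Active time: 245 (sec)
                  Interface outside (192.168.1.1): Normal
                  Interface inside (10.1.1.1): Normal
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)
                  Interface outside (192.168.1.2): Normal
                  Interface inside (10.1.1.2): Normal
"""

# Constructed sample of 'show failover' on a 6.x pair just after the
# secondary was powered back on; one of its interfaces is still Waiting.
SAMPLE_6X = """\
Failover On
Cable status: Normal
        This host: Primary - Active
                Active time: 6930 (sec)
                Interface outside (192.168.1.1): Normal
                Interface inside (10.1.1.1): Normal
        Other host: Secondary - Standby
                Active time: 15 (sec)
                Interface outside (192.168.1.2): Normal
                Interface inside (10.1.1.2): Waiting
"""

HOST_RE = re.compile(r"^\s*(This|Other) host:\s+(Primary|Secondary)\s+-\s+(.+?)\s*$")
IFACE_RE = re.compile(r"^\s*Interface\s+(\S+)\s+\([^)]*\):\s+(\S+)")
VERSION_RE = re.compile(r"^\s*Version:\s+Ours\s+(\S+),\s+Mate\s+(\S+)")


def parse_show_failover(text):
    """Return {'this': host, 'other': host, 'versions': (ours, mate) or None}.
    A host is {'unit': 'Primary'|'Secondary', 'state': str, 'interfaces': {name: status}}."""
    result = {"this": None, "other": None, "versions": None}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = {"unit": m.group(2), "state": m.group(3), "interfaces": {}}
            result["this" if m.group(1) == "This" else "other"] = current
            continue
        m = VERSION_RE.match(line)
        if m:
            result["versions"] = (m.group(1), m.group(2))
            continue
        m = IFACE_RE.match(line)
        if m and current is not None:
            current["interfaces"][m.group(1)] = m.group(2)
    return result


def split_version(v):
    """'7.0(2)' -> (7, 0, 2)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)\)", v)
    if not m:
        raise ValueError("unrecognised version string: %r" % v)
    return tuple(int(x) for x in m.groups())


def same_release_train(a, b):
    """True when the versions differ only in maintenance number (7.0(1) vs 7.0(2)),
    the only mismatch the article says a 7.0 pair can bridge while sharing state."""
    return split_version(a)[:2] == split_version(b)[:2]


def pair_problems(parsed, mid_upgrade=False):
    """Reasons the pair is not in the state the procedures verify: exactly one Active
    unit (the Primary), the mate in Standby / Standby Ready, every interface Normal,
    and (7.x) matching versions. mid_upgrade=True tolerates a same-train mismatch,
    which is the window the zero-downtime procedure relies on."""
    problems = []
    this, other = parsed["this"], parsed["other"]
    if this is None or other is None:
        return ["show failover did not list both hosts: mate not seen"]
    active = [h for h in (this, other) if h["state"] == "Active"]
    if len(active) != 1:
        problems.append("expected exactly one Active unit, found %d" % len(active))
    else:
        mate = other if active[0] is this else this
        if mate["state"] not in ("Standby", "Standby Ready"):
            problems.append("%s is '%s', not in standby" % (mate["unit"], mate["state"]))
        if active[0]["unit"] != "Primary":
            problems.append("Secondary is Active; issue 'failover active' on the Primary")
    for h in (this, other):
        for name, status in h["interfaces"].items():
            if status != "Normal":
                problems.append("%s interface %s is %s" % (h["unit"], name, status))
    if parsed["versions"]:
        ours, mate_ver = parsed["versions"]
        if ours != mate_ver and not (mid_upgrade and same_release_train(ours, mate_ver)):
            problems.append("version mismatch: ours %s, mate %s" % (ours, mate_ver))
    return problems


def upgrade_hops(current, target):
    """Maintenance releases to step through, one reload cycle each, to reach target
    without dropping connections (article: 7.0(1) -> 7.0(2) -> 7.0(3)). Assumption of
    this example: every intermediate maintenance number was actually released."""
    major, minor, cur = split_version(current)
    tmajor, tminor, tgt = split_version(target)
    if (major, minor) != (tmajor, tminor) or tgt <= cur:
        raise ValueError("no zero-downtime path from %s to %s" % (current, target))
    return ["%d.%d(%d)" % (major, minor, n) for n in range(cur + 1, tgt + 1)]


if __name__ == "__main__":
    for label, sample in (("7.x pair", SAMPLE_7X), ("6.x pair", SAMPLE_6X)):
        print(label, pair_problems(parse_show_failover(sample), mid_upgrade=True) or "OK")
    print(upgrade_hops("7.0(1)", "7.0(3)"))
```

Run it with mid_upgrade=True between reloads and with the default afterwards: the 7.x sample is clean mid-upgrade but reports the version mismatch once you expect the pair to be finished, and the 6.x sample flags the interface that has not yet reached Normal, which is the condition step 11 of the console procedure tells you to wait for.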

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 05:04 PM