Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3546
Views
5
Helpful
19
Replies

ASA failover upgrade path question

Go to solution
Matt Glosson
Level 1
Level 1

‎02-25-2018 10:24 AM - edited ‎02-21-2020 07:26 AM

There are several questions on these support forums regarding upgrade paths. This link has been shared a lot. I have read it, but I still have a question/concern.

We have an active/standby failover pair of 5525-X ASAs currently running 9.4(4)16. Typically the way I have zero-downtime upgraded them is to put the new code on both and set it to boot from it, then reboot the standby so it comes up with the new version. Then make the standby active, and reboot the formerly-active one.

I read long ago that a running pair should always be within 0.1 versions of each other (notwithstanding the 8.4-to-9.0 upgrade ). Is that not true anymore? The link above indicates 9.4 can be upgraded directly to 9.9. That means that the standby can be running 9.9 while the active is running 9.4 for a time and still retain stateful failover?

1 person had this problem
Labels:
0 Helpful
19 Replies 19

Go to solution
drlbaluyut
Level 1
Level 1
In response to Sheraz.Salim

‎01-08-2019 09:18 PM

Hi

 

That's good to know. Specifically i will upgrade from 9.6(4)3 to 9.9(2). Thanks for your confirmation.

 

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Matt Glosson

‎01-09-2019 12:38 AM

There is zero downtime when upgrading an HA pair of ASA appliances from ASA 9.4(x) to ASA 9.9(x) software.

0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to Marvin Rhoads

‎01-09-2019 12:46 AM

This is what i said Marin after looking at cisco asa software matrix. but this gentleman was not very convince so to clear his doubts i run this test on my ASA-X series 9.6 to 9.9 in HA pair the upgrade was a success.

 

also reading the documentation 9.4 to going to 9.9 is also a zero downtime.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa99/release/notes/asarn99.html

 

@drlbaluyutkinldy please mark this as answered so other tech guy can find this useful post.

please do not forget to rate.

Go to solution
drlbaluyut
Level 1
Level 1
In response to Sheraz.Salim

‎01-09-2019 01:19 AM

Hi Radio_City

I would like to mark this as answered but i'm not the thread starter.
0 Helpful

Go to solution
Sheraz.Salim
VIP
VIP
In response to drlbaluyut

‎01-09-2019 01:22 AM

no worries. I hope you find the community supportive and beneficial. we all here to help each other and learn. This is a great place to contribute in order to enhance knowledge. hope you find it helpful. all the best.

Feel free to post any question.  

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card