Good morning guys
I need to upgrade a FWSM from version 4.1(6) to 4.1(15). I understand this procedure as mantaining the same major and minor version, only changing the maintenance release.
I found some articles and discussions regarding caution upgrading with different minor and major versions.
I have never upgraded FWSM only ASA appliances. I need to perform this aiming zero-downtime, the same way I could perform with ASA appliances.
I could not find where is the actual system image (it doesnt appear with dir command). Even I could not find something like boot in configuration.
That modules work in active-standby and have many contexts.
Anyone have the detailed procedures, recommendations, commands to perform this task?...This environment is very critical.
As you say, the major and minor release will remain the same. It will only change the maintenance release so zero downtime is possible.
I would recommend the following:
1. load the image on both FWSM flash.
2. Save configuration
3. Reload Standby unit.
4. Standby Unit should come up with the 4.1.15 version. Failover will not break and it should still be the standby unit.
5. Reload Active Unit. This will force traffic to go through the former Standby Unit, making it active.
6. Unit will come up as Standby with the 4.1.15.
I hope it helps.
Agree with Itzcoatl, Zero downtime is possible. Zero downtime was a problem with Old versions 2.x/3.1. But Starting from 3.2 onwards its posible. A Doc Bug was filed to correct the documentation CSCtr63007.
Good Morning Gentlemen
Thanks for your help. It has been very useful.
Based on your answers, I have some detailed doubts to proceed to the implementation.
1 - Could I upload the new image both in primary/active and secondary/standby FWSM?...I red something about have to perform failover to upload the image in secondary device.
2 - Should I rename the images (software and ASDM) uploaded to Flash:?...Until now I have former files named ASDM and IMAGE in flash.
3 - How can I set the boot image in configuration, like I do usually in ASA?...Only do I have to reboot the firewall and the device fits itself?
I'm worried about having any kind of impact
Regards and thanks to your help
Here are my answers:
1. You can do it either way. There is no problem as failover wont break.
2. There is no need to rename the images. The FWSM flash has a predefined space for the ASDM and for the FWSM software image.
3. There is no boot option on the FWSM. You can only have one ASDM and FWSM image on flash at a time. When you upload the image it will over write it and will take affect after the reload.
NOTE: For the ASDM image there is no need to reload the FWSM.
It's clearer now
In device flash I found:
Directory of flash:/
2 -rw- 12747700
1 -rw- 6423040
3 -rw- 14720
Putting the .bin file in root the device will automatically substitute the former file (image, no extension) in image directory, after reboot?
That is correct
The commands to copy each image are:
copy tftp flash:image
copy tftp flash:asdm
Today I have found that new release available - FWSM 4.1(16), but there is no Release Notes for this minor release!
Release notes link:
There are no 4.1(16) mentioned. Anybody knows what difference between 4.1(15) and 4.1(16)?