Upgrading FWSM version 4.x

Christian Jorge · ‎01-06-2014

Good morning guys

I need to upgrade a FWSM from version 4.1(6) to 4.1(15). I understand this procedure as mantaining the same major and minor version, only changing the maintenance release.

I found some articles and discussions regarding caution upgrading with different minor and major versions.

I have never upgraded FWSM only ASA appliances. I need to perform this aiming zero-downtime, the same way I could perform with ASA appliances.

I could not find where is the actual system image (it doesnt appear with dir command). Even I could not find something like boot in configuration.

That modules work in active-standby and have many contexts.

Anyone have the detailed procedures, recommendations, commands to perform this task?...This environment is very critical.

Regards

Christian

Itzcoatl Espinosa · ‎01-09-2014

Hi Christian,

As you say, the major and minor release will remain the same. It will only change the maintenance release so zero downtime is possible.

I would recommend the following:

1. load the image on both FWSM flash.

2. Save configuration

3. Reload Standby unit.

4. Standby Unit should come up with the 4.1.15 version. Failover will not break and it should still be the standby unit.

5. Reload Active Unit. This will force traffic to go through the former Standby Unit, making it active.

6. Unit will come up as Standby with the 4.1.15.

I hope it helps.

regards,

Itzcoatl

Dinkar Sharma · ‎01-09-2014

Agree with Itzcoatl, Zero downtime is possible. Zero downtime was a problem with Old versions 2.x/3.1. But Starting from 3.2 onwards its posible. A Doc Bug was filed to correct the documentation CSCtr63007.

Dinkar

Christian Jorge · ‎01-10-2014

Good Morning Gentlemen

Thanks for your help. It has been very useful.

Based on your answers, I have some detailed doubts to proceed to the implementation.

1 - Could I upload the new image both in primary/active and secondary/standby FWSM?...I red something about have to perform failover to upload the image in secondary device.

2 - Should I rename the images (software and ASDM) uploaded to Flash:?...Until now I have former files named ASDM and IMAGE in flash.

3 - How can I set the boot image in configuration, like I do usually in ASA?...Only do I have to reboot the firewall and the device fits itself?

I'm worried about having any kind of impact

Regards and thanks to your help

Christian

Itzcoatl Espinosa · ‎01-10-2014

Hi Christian,

Here are my answers:

1. You can do it either way. There is no problem as failover wont break.

2. There is no need to rename the images. The FWSM flash has a predefined space for the ASDM and for the FWSM software image.

3. There is no boot option on the FWSM. You can only have one ASDM and FWSM image on flash at a time. When you upload the image it will over write it and will take affect after the reload.

NOTE: For the ASDM image there is no need to reload the FWSM.

Thanks,

Itzcoatl

Christian Jorge · ‎01-10-2014

It's clearer now

In device flash I found:

Directory of flash:/

2 -rw- 12747700 asdm

1 -rw- 6423040 image

3 -rw- 14720 startup-config

Putting the .bin file in root the device will automatically substitute the former file (image, no extension) in image directory, after reboot?

Itzcoatl Espinosa · ‎01-10-2014

Hi Christian,

That is correct

The commands to copy each image are:

copy tftp flash:image

and

copy tftp flash:asdm

regards,

Itzcoatl

Vasiliy Rudomanov · ‎02-04-2014

Hello.

Today I have found that new release available - FWSM 4.1(16), but there is no Release Notes for this minor release!

Download link:

http://software.cisco.com/download/release.html?mdfid=277413409&flowid=4383&softwareid=280775068&release=3.2(28)&relind=AVAILABLE&rellifecycle=&reltype=latest

Release notes link:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm41/release/notes/fwsmrn41.html

There are no 4.1(16) mentioned. Anybody knows what difference between 4.1(15) and 4.1(16)?