Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
610
Views
0
Helpful
1
Replies

Reimage AIS SSM20 on secondary firewall

pskipton01
Level 1
Level 1

‎12-25-2010 04:36 PM - edited ‎03-10-2019 05:13 AM

I have two firewalls asa 5520 each has AIP-SSM

20. I need to reimage the IPS on the secondary firewall

.

To avoid a failover do I need to shut off the SSM on the primary firewall. Do I need to turn off failover? What would be the way to do this to not disturbe the primary firewall?

Labels:
0 Helpful
1 Reply 1

cvilleme
Level 1
Level 1

‎12-25-2010 05:21 PM

Hi Perry,

I am assuming that you have an active/standby ASA failover configuration, is that correct?  Instead of the terms 'primary' and 'secondary', it's better to refer to the current failover state of each firewall, i.e., 'active' and 'standby', since it is those states that determine what fails over to what.  If you are reimaging the AIP-SSM-20 in the standby ASA, then that won't impact the active ASA.  You would only impact the active ASA if you were reimaging the AIP-SSM-20 in the active ASA.

Let's assume that you needed to upgrade or reimage or reboot the AIP-SSM-20 in the active ASA within an active/standby failover deployment and did not want to trigger an ASA failover.  In that case, you have the two options you mention -- Option #1) first shutdown the AIP-SSM-20 in the standby ASA and then perform the reimage of the module in the active ASA, or Option #2) temporarily disable failover, reimage the AIP-SSM-20, and then re-enable failover.

Regards,
Chris

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card