Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
532
Views
0
Helpful
3
Replies

ASA 5520 firmware upgrade

Andy White
Level 3
Level 3

‎05-08-2013 01:22 AM - edited ‎03-11-2019 06:40 PM

Hello,

We have 2 ASA 5520s in active/standy.  We run IOS 8.2(5)24 and I wondered if I need to upgrade as I see the versions have gone to 8.4 and beyond!  We are not getting any issues and I'm aware of the difficult migration from 8.2 to 8.4 etc due to the NAT change.

I'm very interested in your thoughts and passed experiences.

I guess if it's not broken then don't fix it

Thanks

Labels:
0 Helpful
3 Replies 3

Jouni Forss
VIP Alumni
VIP Alumni

‎05-08-2013 01:32 AM

Hi,

I would suggest browsing through some of the Release Notes of the software levels higher than yours and seing the "New Features" section of each document to see if you see anything interesting that the new software would support and yours doesnt

Just to give you an example.

There is a big change in the next software level also with regards to Failover Licensing (naturally also the NAT and ACL changes)

You will no more require identical licensing on the Failover units. In addition the existing licenses are added together to actually give you more than you currently have

Non-identical failover licenses

Failover licenses no longer need to be identical on each unit. The license used for both units is the combined license from the primary and secondary units.

Note For the ASA 5505 and 5510 adaptive security appliances, both units require the Security Plus license; the Base license does not support failover, so you cannot enable failover on a standby unit that only has the Base license.

The following commands were modified: show activation-key and show version.

Source:

http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html#wp460665

I will perhaps write some more later.

- Jouni

0 Helpful

Andy White
Level 3
Level 3
In response to Jouni Forss

‎05-08-2013 01:49 AM

Hi,

The thing is we don't need any new features, so it is hard to justify to the business etc, bit of a dilemma to be honest.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to Andy White

‎05-08-2013 09:32 AM

Hello Andy,

As a personal recommendation I will go to the latest due to the fact of the new amazing features.. I know, I know you already said you do not need any new feature but just in case

Now it's also important to go to the latest version to fix  known bugs or vulnerabilities on previous/older versions but if you think you are more than fine on your current version then I do not see why you should perform an upgrade,

Do you see what I mean?

Regards.

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card