ASA 5525 Firmware Upgradation and Revert (rollback) process

netbeginner
Level 2

Dear Friendz,

 

Currently we are using ASA 5525 in an Active-Standby pair (Firmware - asa922-4-smp-k8.bin) and are planning to upgrade the same. We are aware of the firmware upgradation process but would like to know about rollback (revert or downgrade steps), if required in case of any service issue with or due to the new firmware.

 

Regards

5 Replies

johnlloyd_13
Level 9

hi,

you could copy the new image on the ASA flash and retain the current asa922-4-smp-k8.bin image.

just manipulate between the boot system commands if you plan to roll back.

see helpful link and sample below:

http://ccnpsecuritywannabe.blogspot.com/2015/06/asa-file-system-and-bootvar-command.html

 

for upgrade:

no boot system disk0:/asa922-4-smp-k8.bin

boot system disk0:/<NEW IMAGE>.bin

 

for roll back:

no boot system disk0:/<NEW IMAGE>.bin

boot system disk0:/asa922-4-smp-k8.bin

Adding to what johnlloyd_13 has suggested, also take a backup of the current configuration, as there is a change in the config structure on version 9.1.3 and above, so you can refer to the following link:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/116685-problemsolution-product-00.html

Thanks,

R.Seth

Thanks John and R.Seth,

Could you please also share what standard services need to be verified after a firmware upgrade on the ASA to ensure that everything is working fine?

 

Regards

 

 

Hi,

 

There is not a specific service that you can check. Once the upgrade is done, you can run show version and confirm that the device has upgraded to the correct version.

 

You can check:

>> The failover status if you are running failover on ASA.

>> Check CPU usage.

Also, if you have a monitoring system, you can check whether the status of the device after the upgrade is the same as expected in your network.

You should also check whether the ASDM you are using is compatible with the ASA version; if it is not, upgrade your ASDM as well.

Refer to the following link for compatibility:

http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html

 

Hope it helps!!!

Thanks,

R.Seth

Mark the answer as correct if it helps you in resolving your query.!!!

 

hi,

adding to what risseth has mentioned, issue a show run and ensure all CLI lines are intact using the new ASA image.

also, since you've got an active-standby ASA setup, you want to make sure that it's working. see useful link:

http://ccnpsecuritywannabe.blogspot.com/2013/12/active-standby-failover-on-asa.html

please help to rate and mark as answered.
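
The checks suggested in the replies above (running image from show version, failover state, CPU usage, and show run compared with the pre-upgrade backup) can be scripted against saved CLI output. This is an added example, not code from any poster in this thread; the sample outputs are constructed, NEW-IMAGE.bin is a placeholder, and the 80% CPU limit and the function names are assumptions.

```python
import re

CPU_LIMIT_PCT = 80  # assumed threshold; tune to the device's normal baseline

def check_version(show_version, expected_image):
    """True if the running system image is the one that was meant to boot."""
    m = re.search(r'System image file is "([^"]+)"', show_version)
    return bool(m) and m.group(1) == expected_image

def check_failover(show_failover):
    """Return problems found with the Active-Standby pair (empty list = healthy)."""
    problems = []
    if not re.search(r"^Failover On\b", show_failover, re.M):
        problems.append("failover is not enabled")
    hosts = re.findall(r"(?:This|Other) host:\s+\S+\s+-\s+(.+)", show_failover)
    states = {s.strip() for s in hosts}
    if states != {"Active", "Standby Ready"}:
        problems.append(f"unexpected unit states: {sorted(states)}")
    return problems

def check_cpu(show_cpu, limit=CPU_LIMIT_PCT):
    """True if the 5-minute CPU average is below the limit."""
    m = re.search(r"5 minutes:\s*(\d+)%", show_cpu)
    return bool(m) and int(m.group(1)) < limit

def missing_config_lines(backup, running):
    """Lines of the pre-upgrade backup that no longer appear in show run."""
    skip = ("boot system", "ASA Version", "Cryptochecksum", ":", "!")
    current = {line.strip() for line in running.splitlines()}
    wanted = (line.strip() for line in backup.splitlines())
    return [l for l in wanted if l and not l.startswith(skip) and l not in current]

# Constructed sample output (not captured from a real device).
# "NEW-IMAGE.bin" is a placeholder for whatever image was installed.
SAMPLE_VERSION = 'System image file is "disk0:/NEW-IMAGE.bin"\n'
SAMPLE_FAILOVER = ("Failover On\n"
                   "This host: Primary - Active\n"
                   "Other host: Secondary - Standby Ready\n")
SAMPLE_CPU = "CPU utilization for 5 seconds = 2%; 1 minute: 3%; 5 minutes: 2%\n"
BACKUP = ("hostname fw01\nboot system disk0:/asa922-4-smp-k8.bin\n"
          "object network SRV\n host 192.0.2.10\n")
RUNNING = ("hostname fw01\nboot system disk0:/NEW-IMAGE.bin\n"
           "object network SRV\n")

if __name__ == "__main__":
    print("image ok:   ", check_version(SAMPLE_VERSION, "disk0:/NEW-IMAGE.bin"))
    print("failover:   ", check_failover(SAMPLE_FAILOVER) or "ok")
    print("cpu ok:     ", check_cpu(SAMPLE_CPU))
    print("missing cfg:", missing_config_lines(BACKUP, RUNNING))
```

After a rollback, the same version check with disk0:/asa922-4-smp-k8.bin as the expected image confirms the old image is running. A line reported as missing needs review rather than proving a fault, since an upgrade can rewrite commands into a new config structure.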
