09-23-2015 12:11 AM - edited 03-11-2019 11:38 PM
Dear Friends,
Currently we are using an ASA 5525 in an Active-Standby pair (firmware asa922-4-smp-k8.bin) and are planning to upgrade it. We are aware of the firmware upgrade process but would like to know about rollback (revert or downgrade steps), if required in case of any service issue with or due to the new firmware.
Regards
09-23-2015 12:27 AM
Hi,
You could copy the new image to the ASA flash and retain the current asa922-4-smp-k8.bin image.
Just manipulate the boot system commands if you plan to roll back.
See the helpful link and sample below:
http://ccnpsecuritywannabe.blogspot.com/2015/06/asa-file-system-and-bootvar-command.html
For upgrade:
no boot system disk0:/asa922-4-smp-k8.bin
boot system disk0:/<NEW IMAGE>.bin
For rollback:
no boot system disk0:/<NEW IMAGE>.bin
boot system disk0:/asa922-4-smp-k8.bin
09-23-2015 12:55 AM
Adding to what johnlloyd_13 has suggested, also take a backup of the current configuration, as there is a change in the config structure in version 9.1.3 and above. You can refer to the following link:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/116685-problemsolution-product-00.html
Thanks,
R.Seth
09-23-2015 03:38 AM
Thanks John and R.Seth,
Could you please also share which standard services need to be verified after a firmware upgrade on the ASA to ensure that everything is working fine?
Regards
09-23-2015 03:47 AM
Hi,
There is no specific service that you can check. Once the upgrade is done, you can run show version and confirm that the device has upgraded to the correct version.
You can check:
>> The failover status if you are running failover on ASA.
>> Check CPU usage.
Also, if you have a monitoring system, you can check whether the status of the device after the upgrade is as expected in your network.
You should also check whether the ASDM you are using is compatible with the ASA version; if it is not, upgrade your ASDM as well.
Refer to the following link for compatibility:
http://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html
Hope it helps!!!
Thanks,
R.Seth
Mark the answer as correct if it helps you in resolving your query.!!!
09-23-2015 06:57 AM
Hi,
Adding to what risseth has mentioned, issue a show run and ensure all CLI lines are intact using the new ASA image.
Also, since you've got an active-standby ASA setup, you want to make sure that it's working. See the useful link:
http://ccnpsecuritywannabe.blogspot.com/2013/12/active-standby-failover-on-asa.html
Please help to rate and mark as answered.
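The post-upgrade checks suggested in this thread (booted image from show version, failover pair state, and show run lines still intact) can be scripted over saved CLI captures. The following is an added example, not code from any poster: the function names, the hostname, the `NEW-IMAGE.bin` placeholder and all sample captures are constructed, and the matched output lines are assumed to look like the device's own output.

```python
import re

# Constructed sample captures (not from the thread); paste real CLI output here.
PRE_RUN = """hostname fw01
interface GigabitEthernet0/0
 nameif outside
access-list OUT extended permit tcp any host 192.0.2.10 eq 443
boot system disk0:/asa922-4-smp-k8.bin
"""
POST_RUN = """hostname fw01
interface GigabitEthernet0/0
 nameif outside
boot system disk0:/NEW-IMAGE.bin
"""
POST_VERSION = 'System image file is "disk0:/NEW-IMAGE.bin"\n'
POST_FAILOVER = "Failover On\n  This host: Primary - Active\n  Other host: Secondary - Failed\n"

def config_items(text):
    """Return (parent, line) pairs so indented sub-commands keep their context."""
    skip = ("!", ":", "boot system ", "ASA Version ", "Cryptochecksum")
    parent, items = "", []
    for line in text.splitlines():
        if not line.strip() or line.startswith(skip):
            continue  # separators, version banner and the expected boot change
        if not line.startswith(" "):
            parent = line.strip()
        items.append((parent, line.strip()))
    return items

def check_upgrade(expected_image, version_out, failover_out, pre_run, post_run):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    image = re.search(r'System image file is "([^"]+)"', version_out)
    if not image or image.group(1) != expected_image:
        problems.append(f"booted image: {image.group(1) if image else 'unknown'}")
    if not re.search(r"^\s*Failover On", failover_out, re.M):
        problems.append("failover is not enabled")
    states = sorted(s.strip() for s in
                    re.findall(r"(?:This|Other) host:\s*\S+\s*-\s*(.+)", failover_out))
    if states != ["Active", "Standby Ready"]:
        problems.append(f"failover pair states: {states}")
    after = set(config_items(post_run))
    problems += [f"config line lost under '{parent}': {line}"
                 for parent, line in config_items(pre_run) if (parent, line) not in after]
    return problems

if __name__ == "__main__":
    for p in check_upgrade("disk0:/NEW-IMAGE.bin", POST_VERSION, POST_FAILOVER, PRE_RUN, POST_RUN):
        print("FAIL:", p)
```

Any reported problem is a reason to consider the boot system rollback shown earlier in the thread; a dropped access-list line in particular means the firewall policy changed during the upgrade.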